ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35479
Trend Micro OfficeScan Atxconsole ActiveX Control Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-5157 Bugtraq: 20284
Signature Description: Trend Micro OfficeScan is an enterprise-level centrally managed antivirus solution. It is
commercially available for the Microsoft Windows platform. Trend Micro OfficeScan version 7.3 contains a format string
vulnerability in the ActiveX control (ATXCONSOLE.OCX). The signature detects when an attacker passes a specially
crafted parameter to the Management Console's Remote Client Install name search. Successful exploitation may
allow an attacker to execute arbitrary code on the system. The issue is fixed in Trend Micro OfficeScan
7.3 patch 1. Administrators are advised to update to Trend Micro OfficeScan 7.3 patch 1 to resolve the
issue.
Signature ID: 35480
Macromedia Flash Player LoadMovie DoS vulnerability
Threat Level: Severe
Bugtraq: 10057
Signature Description: Macromedia Flash is a modular package designed to enhance web browsing, and enables users
to view various multimedia web content. It uses a scripting language called ActionScript, which includes the
commands loadMovie and loadSound to download associated video and audio clips. Macromedia Flash Player, versions
7.0 r19 and 7.0.19.0, contains a denial of service vulnerability. The issue is reported to exist in the 'LoadMovie'
function and is triggered by calling the function and loading a Flash movie into a non-zero level, such as
'LoadMovie 1, "text.swf"'. Successful exploitation may allow an attacker to crash the user's browser.
Signature ID: 35481
Ethereal Netflow Dissector Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0176 Bugtraq: 9952
Signature Description: Ethereal is a network packet analyzer that supports nearly 700 network protocols. It is used to
troubleshoot network problems and find security deficiencies. It is able to analyze network traffic in two ways: by
reading packets from a live network, or by reading in network traffic saved by Packet Capture Library tools. Netflow is
a Cisco-proprietary protocol designed for collecting IP traffic information. It is also supported on other platforms, such as
Juniper routers or FreeBSD and OpenBSD. Ethereal, versions 0.8.13 to 0.10.2, contains a buffer overflow vulnerability in the
NetFlow dissector. This issue is triggered when parsing the v9_template structure within a NetFlow UDP packet with a
template_entry count greater than 64. Successful exploitation may allow an attacker to overflow a buffer and
execute arbitrary code on the system. This issue is fixed in Ethereal 0.10.3 or later, which is available
from the vendor's website. Administrators are advised to update to the latest version of Ethereal (0.10.3 or later) to
resolve the issue.
Signature ID: 35482
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx Meeting Manager, version
20.2008.2601.4928, contains a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments (>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.