TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
954
Signature ID: 35486
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow
Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures meeting manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx meeting manager, version
20.2008.2601.4928, is a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments(>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially-crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.
Upgrade to the latest version of WebEx Meeting Manager(20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. This signature detects attack traffic using the vulnerable PROGID.
Signature ID: 35487
Cisco Webex Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3558 Bugtraq: 30578
Signature Description: The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx
meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures meeting manager
the first time a user begins or joins a meeting. The 'atucfobj' module of WebEx meeting manager, version
20.2008.2601.4928, is a stack-based buffer overflow vulnerability. The issue occurs when processing overly long
arguments(>236 bytes) passed to the NewObject() method. By persuading the victim to visit a specially-crafted web
page, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the browser to crash.
Upgrade to the latest version of WebEx Meeting Manager(20.2008.2606.4919 or later), available from the Cisco
WebEx Web site. This signature detects attack traffic using the vulnerable PROGID in UTF encoding.
Signature ID: 35488
Cisco IP Phone SIP INVITE message Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1542
Bugtraq: 23047
Signature Description: SIP(Session Initiation Protocol) is a signaling protocol, widely used for setting up and tearing
down multimedia communication sessions such as voice and video calls over the Internet. It is an ASCII based INVITE
message is used to initiate and maintain a communication session. Cisco IP Phone 7940 and 7960 running firmware
before POS8-6-0 are a denial of service vulnerability. The issue is triggered when an attacker send a specially-crafted
INVITE message containing a malformed "sipURI" field of the Remote-Party_ID. The successful exploitation may
allow an attacker to cause the device to reboot. The issue is fixed in the version of firmware(POS8-6-0).
Administrator's are advise to update the latest version of firmware(POS8-6-0) for resolve the issue.
Signature ID: 35489
Ethereal EIGRP Dissector Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0176
Bugtraq: 9952
Signature Description: Ethereal is a network packet analyzer that supports nearly 700 network protocols. It is used to
troubleshoot network problems and find security deficiencies. It is able to analyze network traffic in two ways: by
reading packets from a live network, or by reading in network traffic saved by Packet Capture Library tools.
EIGRP(Enhanced Interior Gateway Routing Protocol) is a network protocol that lets routers exchange information
more efficiently. Ethereal, version 0.8.13 to 0.10.2, is a buffer overflow vulnerability. This issue is triggered when an