TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
from the user to the httpd server. When an HTML document contains an ISINDEX tag, the browser displays an input
box with a searchable index. This does not mean that your HTML document is automatically a searchable index. The
ISINDEX tag just captures user keystrokes and sends those keystrokes to a gateway using the GET method. The
gateway performs the actual search. If the gateway does not exist, placing the ISINDEX tag in the HTML document
will not make it exist, although it will look to the user as though it exists. The user can certainly key in a search string,
but when the return key is hit, no search will occur. The gateway then parses the input and processes it. It may generate
HTML output, which is returned to the httpd server to pass to the client, or it may save data in a file or database or send
email to someone.
Signature ID: 35501
Microsoft Word File Handling Memory Corruption
Threat Level: Severe
Industry ID: CVE-2008-0109 Bugtraq: 27656
Signature Description: Microsoft Word 2003 is prone to a memory corruption vulnerability while parsing a specially
crafted Word file. The vulnerability is caused by calculation errors while parsing certain fields within the barely
documented File Information Block (FIB). The form looks fine when rendered inside SharePoint in Internet
Explorer, but when the user submits the form to his manager (via email), it is rendered incorrectly in Outlook 2007.
The problem is in the width of the repeating table and its columns.
Signature ID: 35502
Microsoft Excel Conditional Formatting Values Handling Code Execution
Threat Level: Warning
Industry ID: CVE-2008-0117 Bugtraq: 28170
Signature Description: A client-side remote code execution vulnerability affects Excel due to the way it handles
conditional formatting values. An attacker must trick a victim into opening malicious files like Style Record,
Formula, Rich Text, or Macro to exploit this issue. A successful attack will result in the execution of arbitrary
attacker-supplied code in the context of the currently logged-in user. The vulnerability is a result of the software's
failure to correctly handle conditional formatting values. It can lead to an exploitable stack overrun when processing
conditional formatting BIFF records from a worksheet in the Workbook stream. The vulnerable versions are Microsoft
Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac.
Signature ID: 35504
RealNetworks RealPlayer rmoc3260.dll ActiveX Control Memory Corruption
Threat Level: Warning
Industry ID: CVE-2008-1309 Bugtraq: 28157
Signature Description: RealPlayer is a popular media player. Its rmoc3260.dll ActiveX control mishandles boundary
conditions, and a remote attacker could exploit this flaw in the application for denial of service attacks. The problem
exists in the GetSourceTransport() method of rmoc3260.dll: an attacker who constructs a malicious document and lures
a user into opening it can crash the application. This issue appears to be partially addressed in RealPlayer 11.0.2.
This update provides version 6.0.10.50 of rmoc3260.dll. No remedy was available as of July 2008; users can set the
kill bit for the CLSIDs CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA and 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93 to resolve
this issue.
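The kill-bit workaround named in the description above, as an added PowerShell example that is not part of this guide. It assumes the standard Internet Explorer kill-bit mechanism (the `Compatibility Flags` value 0x400 under the `ActiveX Compatibility` registry key, in both the native and 32-bit views); the guide itself gives only the two CLSIDs.

```powershell
# Added example, not from the guide. Sets the IE "kill bit" (Compatibility Flags
# bit 0x400) for the two RealPlayer CLSIDs named in the signature description.
# Run from an elevated prompt; pass -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess)]
param()

$KillBit = 0x00000400
$Clsids  = @(
    '{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}',
    '{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}'
)
# Native view plus the 32-bit view on 64-bit Windows (32-bit IE reads the latter).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    # Skip a registry view that does not exist (e.g. WOW6432Node on 32-bit Windows).
    if (-not (Test-Path (Split-Path $root -Parent))) { continue }
    foreach ($clsid in $Clsids) {
        $key = Join-Path $root $clsid
        if (-not (Test-Path $key)) {
            if ($PSCmdlet.ShouldProcess($key, 'Create key')) {
                New-Item -Path $key -Force | Out-Null
            }
        }
        # Preserve any flags already present and OR the kill bit in.
        $current = 0
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $current = [int]$prop.'Compatibility Flags' }
        if ($current -band $KillBit) {
            Write-Output "$key : kill bit already set"
            continue
        }
        $new = $current -bor $KillBit
        if ($PSCmdlet.ShouldProcess($key, ('Set Compatibility Flags to 0x{0:X8}' -f $new))) {
            New-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $new -Force | Out-Null
            Write-Output "$key : kill bit set"
        }
    }
}
```

Running it a second time reports "kill bit already set" for each key, which doubles as a verification pass.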
Signature ID: 35505
RealNetworks RealPlayer rmoc3260.dll ActiveX Control Memory Corruption
Threat Level: Severe
Industry ID: CVE-2008-1309 Bugtraq: 28157
Signature Description: RealPlayer is a popular media player. Its rmoc3260.dll ActiveX control mishandles boundary
conditions, and a remote attacker could exploit this flaw in the application for denial of service