TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
video quality, and support for mixed-mode voice and music content. Microsoft Windows Media Encoder 9 x64 and 9
versions are vulnerable to remote code execution. By sending long exploit data to the GetDetailsString()
method of the WMEX.DLL ActiveX control and getting a user to visit the malicious web page, an attacker can exploit this
issue to execute arbitrary code in the context of an application using the affected ActiveX control. Failed attacks will
likely cause denial-of-service conditions. Patch details are available to resolve this issue.
Signature ID: 35665
FlashGet 1.9.0.1012 (FTP Response) Buffer Overflow Vulnerability
Threat Level: SEVERE
Signature Description: FlashGet is one of the best download managers and is very fast at downloading files from
the internet. It uses the MHT (Multi-server Hyper-threading Transportation) technique, supports various protocols such as
HTTP, HTTPS, FTP, BT, MMS, MMST, RTSP and ed2k, and has excellent document management features. FlashGet
versions 1.9.0.1012 and prior are vulnerable to a stack-based buffer overflow. By sending a long response
value in the FTP response code 257 (PATHNAME created), a malicious FTP server can overflow the buffer in the FlashGet client
software. The attack triggers when a user tries to download a file from a malicious FTP server. Please upgrade to
version 1.9.0.1013 or later of FlashGet to resolve this issue.
Signature ID: 35666
Cisco Router HTTP Administration CSRF Command Execution Vulnerability
Threat Level: Warning
Signature Description: Cisco routers with the HTTP administration interface enabled are vulnerable to a CSRF
(Cross-Site Request Forgery) vulnerability that can yield remote command execution with level 15 privileges.
Cross-site request forgery (CSRF), also known as a one-click attack or XSRF, is a type of malicious exploit of a website
whereby unauthorized commands are transmitted from a user the website trusts. A Cisco 871 router running IOS 12.4, or
any router configured to use the HTTP interface, is vulnerable to remote code execution. An attacker can
execute any command on the router with level 15 (root, same as enable) privileges by getting a target user to view a
web page that has the exploit embedded. The exploits can be modified so that, when the page with the exploits
embedded loads, they execute both exec and configure commands on the Cisco router. No patch details are available as of 22
September, 2008.
Signature ID: 35667
NuMedia Soft NMS DVD Burning SDK ActiveX (NMSDVDX.dll) remote code execution vulnerability
Threat Level: Warning
Signature Description: NMS DVD Burning SDK adds reliable, high-performance CD/DVD burning capabilities
to any type of application. This CD/DVD recording SDK supports all CD/DVD devices and provides a flexible, solid
framework for applications regardless of the development environment. Complex issues associated with writing to
CD/DVD, such as threading, buffering, and non-standard device commands, are handled by the SDK. NuMedia Soft
NMS DVD Burning SDK CDBurnerXP 4.2.1.976 and prior versions are vulnerable to remote code
execution. The vulnerability arises through the "EnableLog" and "LogMessage" methods of the
NMSDVDX.dll ActiveX control. When a user opens a web page containing specially formatted malformed data, an attacker
can execute arbitrary code on the victim's system. Users are advised to upgrade to the latest version of NMS DVD or,
alternatively, set the kill bit for the CLSID C2FBBB5F-6FF7-4F6B-93A3-7EDB509AA938 to resolve this issue.
Signature ID: 35668
NuMedia Soft NMS DVD Burning SDK ActiveX (NMSDVDX.dll) remote code execution vulnerability
Threat Level: Severe
Signature Description: NMS DVD Burning SDK adds reliable, high-performance CD/DVD burning capabilities