Update Details

Update #2747 (06/23/2016)

Sec-package #2747 includes a new detector engine build; further details are posted here:
http://www.juniper.net/techpubs/software/management/idp/de/index.html

29 new protocol anomalies:

INFO	HTTP:INFO-LEAK:EXT-ASCII-CH	HTTP: Extended ASCII Characters Detected
INFO	HTTP:INFO-LEAK:NO-SP-AFTER-FLD	HTTP: No Space After Field Colon
INFO	HTTP:INFO-LEAK:EXPECT-OVERFLOW	HTTP: Expect Header Overflow
INFO	HTTP:INFO-LEAK:MISSG-EXPT-100	HTTP: Missing Expect 100 Continue
INFO	HTTP:INFO-LEAK:MULT-SPACES-ST	HTTP: Multiple Spaces or Tab in Status Line
INFO	HTTP:INFO-LEAK:FOLDING-HEADER	HTTP: Header Folding Detected
INFO	HTTP:INFO-LEAK:SPACE-IN-CON-LEN	HTTP: Space in Content-Length Header
INFO	HTTP:INFO-LEAK:SPACE-AFT-CHUNK	HTTP: Space After Chunk Length
MEDIUM	HTTP:INVALID:GZIP-TRANSACTION	HTTP: Invalid GZIP Transaction
INFO	ICMP6:AUDIT:INVALID-CHECKSUM	ICMPv6: Invalid ICMPv6 Checksum
INFO	ICMP6:AUDIT:INVALID-CODE	ICMPv6: Invalid ICMPv6 Code
INFO	ICMP6:AUDIT:INVALID-TYPE	ICMPv6: Invalid ICMPv6 Type
INFO	ICMP6:AUDIT:REQUEST-RESEND	ICMPv6: Echo Request Resent
INFO	ICMP6:EXPLOIT:DIFF-LEN-IN-RSD	ICMPv6: Echo Request Resent w/Different Length
INFO	ICMP6:AUDIT:RESP-WITHOUT-REQ	ICMPv6: Echo Reply Without Request
INFO	ICMP6:EXPLOIT:DIFF-LEN-IN-RESP	ICMPv6: Echo Reply Resent w/Different Length
INFO	ICMP6:EXPLOIT:FLOOD	ICMPv6: Flood
INFO	HTTP:INFO-LEAK:HTTP-VERSION-NT	HTTP: Version Not Implemented
INFO	HTTP:INFO-LEAK:BAD-REASON-PHRS	HTTP: Bad Reason Phrase Detected
INFO	HTTP:INFO-LEAK:MISSING-RES-CODE	HTTP: No Response Code Detected
INFO	HTTP:INFO-LEAK:MISSG-LOCATN-3XX	HTTP: Missing Location 3XX
INFO	HTTP:INFO-LEAK:MISSG-RANGE-206	HTTP: Missing Range 206
INFO	HTTP:INFO-LEAK:MISSING-WWW-AUTH	HTTP: MISSING_WWW_AUTHENTICATE_401
INFO	HTTP:INFO-LEAK:MISSG-PROXY-AUT	HTTP: Missing Proxy Authenticate 407
INFO	HTTP:INFO-LEAK:LOCATION-OF	HTTP: Location Header Length Overflow
INFO	HTTP:INFO-LEAK:RANGE-OVERFLOW	HTTP: Range Header Overflow
INFO	HTTP:INFO-LEAK:WWW-AUTH-OVFLOW	HTTP: Www-Authenticate Header Overflow
INFO	HTTP:INFO-LEAK:PROXY-AUTH-OF	HTTP: Proxy-Authenticate Header Overflow
INFO	HTTP:INFO-LEAK:MULT-TRANS-ENC	HTTP: Multiple Transfer Encodings

122 updated signatures:

MEDIUM	SMTP:SYM-NESTED-ZIP	SMTP: Symantec Brightmail AntiSpam Nested Zip Handling Denial of Service
HIGH	HTTP:DOS:MUL-PRODUCTS	HTTP: Multiple Denial Of Service Vilnerability (STC)
HIGH	SMTP:VULN:IMG-PARSE-BOF	SMTP: IBM Domino Image File Parsing CVE-2015-5040 Buffer Overflow
HIGH	SMTP:REALPLAYER-WAV-BO	SMTP: RealNetworks RealPlayer WAV File Processing Buffer Overflow
HIGH	SMTP:OVERFLOW:IBM-BMP-COLOR	SMTP: IBM Lotus Domino BMP Color Palette Stack Buffer Overflow1
MEDIUM	HTTP:STC:ADOBE:PDF-EVASIVE-FF	HTTP: Adobe Reader PDF Evasive File Format
HIGH	SMTP:EXPLOIT:JPXDECODE-RCE	SMTP: Adobe PDF JPXDecode Remote Code Execution
HIGH	SMTP:MAL:NAV-ZIP-BOMB	SMTP: Norton Antivirus Compressed File Overflow
HIGH	SMTP:MULTIPLE-HYD-BOF	APP: Multiple SMTP Header Buffer Overflow
HIGH	HTTP:OVERFLOW:CAM2PC	HTTP: CAM2PC Multiple Files Buffer Overflow
HIGH	HTTP:STC:DL:WORD-CLSID	HTTP: Microsoft Word Dangerous Embedded ClassID
HIGH	HTTP:STC:DL:ACDSEE-XBM-WIDTH	HTTP: ACD Systems ACDSee Products XBM File Handling Buffer Overflow
MEDIUM	HTTP:STC:IE:CHAN-SCRIPT	HTTP: Script in CHANNEL Tag
HIGH	HTTP:STC:IE:CVE-2015-0032-RCE	HTTP: Microsoft Internet Explorer CVE-2015-0032 Remote Code Execution
HIGH	HTTP:STC:DL:WPD-BO	HTTP: Microsoft Office Word and WordPerfect Converter Buffer Overflow
HIGH	APP:NOVELL:GROUPWISEIA-ICAL-DOS	APP: Novell GroupWise Internet Agent iCalendar Parsing Denial of Service
MEDIUM	HTTP:STC:IE:HTML-SANITZ	HTTP: Microsoft Internet Explorer HTML Sanitization Vulnerability
INFO	HTTP:STC:IMG:OFFEND-TG	HTTP: Common Offensive Picture (2)
HIGH	HTTP:STC:IE:CVE-2015-6059-ID	HTTP: Microsoft Internet Explorer CVE-2015-6059 Information Disclosure
HIGH	HTTP:STC:STREAM:QT-DESC-ATOM	HTTP: Apple QuickTime Image Descriptor Atom Parsing Memory Corruption
HIGH	POP3:MS-WORD-BULLET-MC	POP3: Microsoft Word Bulleted List Handling Remote Memory Corruption
HIGH	HTTP:STC:DL:ORBIT-DOWNLOADER-OF	HTTP: Orbit Downloader Download Failed Buffer Overflow
MEDIUM	HTTP:STC:IE:DND-IMG	HTTP: Internet Explorer Drag-and-Drop Evasion
HIGH	SMTP:MS-WIN-SMTP-DOS	SMTP: Microsoft Windows SMTP Denial Of Service
HIGH	SMTP:MS-OUTLOOK-EMAIL-RCE-1	SMTP: Microsoft Outlook Email Parsing Remote Code Execution 1
HIGH	HTTP:STC:IE:CACHED-OBJ-RCE	HTTP: Microsoft Internet Explorer Cached Object Remote Code Execution
HIGH	APP:TROLLTECH-QT-BMP-OF	APP: Trolltech Qt BMP Handling Overflow
HIGH	HTTP:STC:DL:MS-THEME-RCE	HTTP: Microsoft Windows Theme File Remote Code Execution
HIGH	HTTP:STC:STREAM:QT-MAL-SMIL	HTTP: Apple QuickTime Malformed SMIL File
HIGH	SPYWARE:LIGATS	SPYWARE: Ligats
HIGH	HTTP:STC:IE:10-UAF-MC	HTTP: Microsoft Internet Explorer 10 Use After Free Memory Corruption
MEDIUM	SMTP:EXCHANGE:ICAL-DOS	SMTP: Microsoft Exchange Malformed iCal Denial of Service
HIGH	POP3:LOTUS-DOC-VIEWER	POP3: IBM Lotus Notes DOC Attachment Viewer Buffer Overflow
HIGH	HTTP:STC:ATL:DIRECTSHOW	HTTP: Microsoft DirectShow Vulnerable ActiveX Control (ATL)
CRITICAL	SMTP:EXCHANGE:EXCH-TNEF-BO	SMTP: Microsoft Exchange TNEF Attachment Buffer Overflow
HIGH	HTTP:STC:DL:VISIWAVE-SITE-BOF	HTTP: VisiWave Site Survey vwr File Processing Buffer Overflow
MEDIUM	HTTP:MAL-REDIRECT-EXP-100	HTTP:MAL-REDIRECT Infection-100
HIGH	HTTP:STC:DL:DOT-NET-INFO-DISC	HTTP: Microsoft .NET Framework WinForms Information Disclosure
HIGH	POP3:MAL-LOTUS-APPLIX	POP3: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow
HIGH	HTTP:STC:JAVA:JAX-WS-RCE	HTTP: Oracle Java Applet JAX-WS Class Handling Arbitrary Code Execution
HIGH	SMTP:MAL:LOTUS-MAILTO	SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow
HIGH	HTTP:STC:JAVA:DOCBASE-BOF	HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
HIGH	SMTP:MAL:LOTUS-APPLIX	SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow
MEDIUM	APP:WMP:DSHOW-BIGCHUNK-SMTP	APP: Windows Media Player DirectShow Vulnerability (SMTP)
HIGH	APP:MISC:HP-AUTOKEYLIB-CE	APP: HP Autonomy KeyView Library Remote Code Execution
HIGH	HTTP:STC:DL:OFFICE-PCT	HTTP: Microsoft Office PICT Graphics Converter Remote Code Execution
HIGH	HTTP:STC:ADOBE:BMP-HEADER	HTTP: Adobe Multiple Products BMP Image Header Handling Buffer Overflow
HIGH	SMTP:MAL:IBM-ATTACHMENT-VIEWER	SMTP: IBM Lotus Notes Attachment Viewer UUE File Handling Buffer Overflow
HIGH	HTTP:VMWARE-VSPHERE-DOS	HTTP: Vmware Vsphere Host Daemon Denial Of Service
HIGH	HTTP:STC:IMG:OFFICE-FLASHPIX2	HTTP: Microsoft Office Malicious FlashPix Image (2)
MEDIUM	HTTP:STC:DL:AOL-RTX	HTTP: AOL Crafted RTX File Handling Overflow
HIGH	HTTP:STC:DL:WORD-STYLE-EXEC	HTTP: Microsoft Word Cascading Style Sheet Processing Code Execution
HIGH	SMTP:OUTLOOK:TZID-OF	SMTP: Outlook TZID Buffer Overflow
HIGH	SMTP:MAL:LOTUS-LZH-BOF	SMTP: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
HIGH	HTTP:STC:DL:MAL-WMV-MEDIA	HTTP: Windows Media Player Malformed Media Player File Code Execution
HIGH	HTTP:STC:IE:CVE-2013-3873-MC	HTTP: Microsoft Internet Explorer CVE-2013-3873 Memory Corruption
HIGH	SMTP:DOS:CLAM-TNEF-DOS	SMTP: Clam AntiVirus TNEF Processor Denial of Service
HIGH	SMTP:OUTLOOK:MIME-PARSE-UAF	SMTP: Microsoft Outlook MIME Email Message Parsing Remote Code Execution
MEDIUM	SMTP:OUTLOOK:TNEF-INT-OF	SMTP: TNEF Integer Overflow
HIGH	SMTP:EXPLOIT:QT-PICT-FILE-MC	SMTP: Apple QuickTime PICT File Processing Memory Corruption
HIGH	POP3:IBM-NOTES-PNG-OVF	POP3: IBM Notes PNG Image Parsing Integer Overflow
HIGH	HTTP:STC:WINDOWS-FAX-COVER	HTTP: Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow
HIGH	HTTP:STC:DL:OTF-FONT-INT	HTTP: Embedded Malformed OpenType Font Engine Remote Code Execution
MEDIUM	SMTP:OVERFLOW:MHTML-OF	SMTP: Outlook Express MHTML Overflow
HIGH	APP:ZLIB-COMPRES-LIB-DOS	APP: Zlib Compression Library Denial Of Service
MEDIUM	HTTP:STC:DL:GIF-AND-PHPFUNC	HTTP: GIF Header With Obfuscated PHP Code
MEDIUM	SMTP:MS-XLS-BIFF-REC-RCE	SMTP: Microsoft Excel Formula Biff Record Remote Code Execution
HIGH	SMTP:DOS:MS-MALWARE-ENGINE	SMTP: Microsoft Malware Protection Engine File Processing Denial of Service
CRITICAL	HTTP:STC:MOZILLA:QUERYINT-OF	HTTP: Metasploit Firefox QueryInterface Buffer Overflow
HIGH	APP:NOVELL:GROUPWISE-ADDRESSBK	APP: Novell GroupWise Addressbook Parsing Integer Overflow
HIGH	HTTP:STC:MICROSOFT-GDI-TIFF-RCE	HTTP: Multiple Microsoft Products TIFF Image Parsing Remote Code Execution
MEDIUM	HTTP:STC:IE:HTML-RELOAD-CORRUPT	HTTP: Microsoft Internet Explorer 7 HTML Object Memory Corruption
HIGH	POP3:DOS:ULTRAISO-CUE-BO	POP3: UltraISO Cue File Stack Buffer Overflow
HIGH	POP3:APPLE-ICAL-PARAM-BO	POP3: Apple iCal Trigger and Count Parameters Integer Overflow
MEDIUM	HTTP:STC:DL:MSSQL-BACKUP-MEM	HTTP: Microsoft SQL Server Backup Restoring Memory Corruption
MEDIUM	POP3:APPLE-ICAL-ATTACH-DOS	POP3: Apple iCal ATTACH Parameter Denial Of Service
HIGH	HTTP:STC:DL:SEARCHMS-EXEC	HTTP: Microsoft Windows Explorer Search-ms File Parsing Code Execution
HIGH	HTTP:STC:OUTLOOK:WAB-BOF	HTTP: Outlook Express Address Book Overflow
HIGH	HTTP:STC:DL:CISCO-FORMAT-PLY-MC	HTTP: Cisco WebEx Recording Format Player atas32.dll Memory Corruption
HIGH	HTTP:STC:ADOBE:MAL-BMP	HTTP: Adobe Acrobat/Reader PDF Malformed Bitmap Image File (BMP)
HIGH	HTTP:STC:DL:OFFICE-VBA-UAF	HTTP: Microsoft Office VBA Module Stream Use after Free
HIGH	SMTP:OVERFLOW:APPLE-PICT-MC	SMTP: Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption
HIGH	HTTP:OVERFLOW:XNVIEW-IMAGE-FILE	HTTP: XnView Multiple Image Files Heap Overflow
MEDIUM	SMTP:EXPLOIT:AVI-RIGHT-CLICK	SMTP: Windows AVI Right Click DOS
HIGH	SMTP:OVERFLOW:MS-WMF-OF	SMTP: Microsoft Windows MetaFile AttemptWrite Function Integer Overflow
HIGH	SMTP:VULN:IBM-LOTUS-GIF-PARS-CE	SMTP: IBM Domino GIF Processing Remote Code Execution
HIGH	HTTP:STC:IE:OBJECTS-MC	HTTP: Microsoft Internet Explorer Objects Handling Memory Corruption
MEDIUM	SMTP:DOS:MS-XL-2003-NULL-DOS	SMTP: Microsoft Excel 2003 NULL Pointer Dereference Denial of Service
MEDIUM	SMTP:OUTLOOK:VEVENT-MEMCORRUPT	SMTP: Microsoft Outlook iCal Meeting Request VEVENT Record Memory Corruption
MEDIUM	SMTP:EXPLOIT:MAL-AU-DOS	SMTP: Microsoft Media Player Malformed .au Divide by Zero DOS
HIGH	APP:ORACLE:OOXML-TAG	APP: Oracle Outside In OOXML Relationship Tag Parsing Stack Buffer Overflow
HIGH	DB:ORACLE:WEBLOGIC-SERVER	DB: Oracle WebLogic Server Session Fixation
CRITICAL	TROJAN:APACHE-DARKLEECH	TROJAN: Apache Web Servers Darkleech Malware Activity
MEDIUM	HTTP:STC:IE:MULTI-ACTION	HTTP: Multiple MSHTML Action Handlers
HIGH	HTTP:STC:IE:OBJECT-CODE-EXEC	HTTP: Microsoft Internet Explorer Object Remote Code Execution
HIGH	HTTP:STC:IE:CVE-2013-3153-MC	HTTP: Microsoft Internet Explorer CVE-2013-3153 Memory Corruption
HIGH	SMTP:EMAIL:LOTUS-COLPALETTE-BO	SMTP: IBM Lotus Domino BMP Color Palette Stack Buffer Overflow
HIGH	SMTP:FFSMOUNTFS-BOF	SMTP: Mac OS X and FreeBSD ffs_mountfs Routine Buffer Overflow
MEDIUM	HTTP:STC:MOZILLA:XUL-NULL-MENU	HTTP: Mozilla Firefox XUL NULL Menu Denial of Service
MEDIUM	WORM:NIMDA:EMAIL-PROP	WORM: Nimda Email Propagation
HIGH	HTTP:STC:MS-DOTNET-NAMESPACE-BO	HTTP: Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow
HIGH	HTTP:STC:JAVA:TRUE-TYPE-FONT-OF	HTTP: Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow
HIGH	APP:REAL:RMP-FILE-OF	APP: RealNetworks RealPlayer RMP File Buffer Overflow
MEDIUM	HTTP:STC:IE:CVE-2014-6345-INFO	HTTP: Microsoft Internet Explorer CVE-2014-6345 Information Disclosure
HIGH	SPYWARE:KL:WINVESTIGATOR	SPYWARE: Winvestigator
HIGH	SMTP:IBM-LOTUS-INT-OVERFLOW	SMTP: IBM Lotus Domino BMP Parsing Integer Overflow
HIGH	HTTP:STC:DL:VLC-XSPF-MEM	HTTP: VideoLAN VLC Media Player XSPF Memory Corruption
HIGH	HTTP:STC:ACTIVEX:MSCOMCTL-OCX	HTTP: Microsoft Windows Common Control 'MSCOMCTL.OCX' Unsafe ActiveX Control
HIGH	HTTP:STC:DL:MAL-HLP-CHM	HTTP: Malformed Microsoft HLP/CHM File
MEDIUM	SMTP:EXCHANGE:CALENDAR-HEAP	SMTP: Microsoft Exchange Calendar Request Heap Overflow
HIGH	HTTP:STC:IE:6.0-FOR-LOOP-DOS	HTTP: Microsoft Internet Explorer Malformed JavaScript for Loop Denial of Service
HIGH	HTTP:STC:QT-RTSP-LINK-OF	HTTP: Quicktime RTSP Overflow
HIGH	HTTP:STC:IE:HTML-OBJECTS-MC	HTTP: Microsoft Internet Explorer HTML Objects Variant Memory Corruption
HIGH	SMTP:EMAIL:IBM-LOTUS-NTS-WPD-BO	SMTP: IBM Lotus Notes WPD Attachment Handling Buffer Overflow
HIGH	HTTP:STC:DL:MPLAYER-SAMI	HTTP: MPlayer SAMI Subtitle sub_read_line_sami Buffer Overflow
HIGH	SMTP:MAL:LOTUS-DOC-VIEWER	SMTP: IBM Lotus Notes DOC Attachment Viewer Buffer Overflow
HIGH	SMTP:MAL:LOTUS-WPD	SMTP: IBM Lotus Notes WPD Attachment Viewer Buffer Overflow
HIGH	SMTP:MAL:LOTUS-MIF-VIEWER	SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow
HIGH	APP:CLAMAV-UPX-OF-SMTP	APP: ClamAV UPX File Handling Heap Overflow (SMTP)
HIGH	HTTP:STC:IE:UNISCRIBE-FNPS-MC	HTTP: Microsoft Uniscribe Font Parsing Engine Memory Corruption
HIGH	SMTP:NOVELL-GROUPWISE-BO	SMTP: Novell GroupWise Internet Agent Buffer Overflow
MEDIUM	HTTP:STC:CSS-STATUS-BAR-SPOOF	HTTP: Multiple Browsers CSS Status Bar Spoof

1 renamed protocol anomaly:

TCP:AUDIT:DUPLICATE-SEQ-SEG-RET

TCP:AUDIT:DUP-SEQ-SEG-RETRANS

Details of the signatures included within this bulletin:

SMTP:SYM-NESTED-ZIP - SMTP: Symantec Brightmail AntiSpam Nested Zip Handling Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Brightmail. A successful attack can result in a denial-of-service condition.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

bugtraq: 14757

Affected Products:

Symantec Brightmail Anti-Spam 6.0.1
Symantec Brightmail Anti-Spam 6.0.2
Symantec Mail Security 8200 Series Appliance

HTTP:DOS:MUL-PRODUCTS - HTTP: Multiple Denial Of Service Vilnerability (STC)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability Multiple Products. A successful attack can result in a denial-of-service condition.

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

SMTP:VULN:IMG-PARSE-BOF - SMTP: IBM Domino Image File Parsing CVE-2015-5040 Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Domino. The vulnerability is due to improper bounds checking when parsing image files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the running application.

Supported On:

References:

Affected Products:

ibm domino 8.5.3
ibm domino 8.5.1.5
ibm domino 9.0.1.4
ibm domino 8.5.3.2
ibm domino 8.5.2
ibm domino 8.5.1.2
ibm domino 8.5.3.3
ibm domino 8.5.1
ibm domino 8.5.1.3
ibm domino 9.0.1.2
ibm domino 8.5.0
ibm domino 9.0.1.3
ibm domino 8.5.1.1
ibm domino 8.5.2.1
ibm domino 9.0.1.1
ibm domino 8.5.2.3
ibm domino 8.5.2.2
ibm domino 8.5.0.1
ibm domino 8.5.2.4
ibm domino 8.5.3.4
ibm domino 8.5.3.5
ibm domino 9.0.1
ibm domino 8.5.3.6
ibm domino 9.0.0
ibm domino 8.5.1.4
ibm domino 8.5.3.1

SMTP:REALPLAYER-WAV-BO - SMTP: RealNetworks RealPlayer WAV File Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.

Supported On:

References:

cve: CVE-2005-0611
bugtraq: 12697

Affected Products:

Real Networks RealOne Player 6.0.11 .830
Real Networks RealOne Player 6.0.11 .841
Real Networks RealOne Player 6.0.11 .853
Real Networks RealOne Player for OSX 9.0.0 .297
Real Networks RealOne Player for OSX 9.0.0 .288
Red Hat Enterprise Linux ES 3
Red Hat Enterprise Linux WS 3
Real Networks RealPlayer 8.0.0 Unix
Real Networks RealOne Player 1.0.0
Real Networks RealOne Player 6.0.11 .868
Real Networks RealPlayer 10.0.0
Red Hat Enterprise Linux AS 3
Real Networks RealPlayer 8.0.0 Mac
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Red Hat Desktop 3.0.0
Real Networks RealPlayer 10.5.0 V6.0.12.1056
Real Networks RealPlayer 10.5.0 V6.0.12.1053
Real Networks RealPlayer 10.5.0 V6.0.12.1040
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux
Real Networks Helix Player for Linux 1.0.0
Real Networks RealPlayer Enterprise 1.1.0
Real Networks RealPlayer Enterprise 1.2.0
Real Networks RealPlayer Enterprise 1.5.0
Real Networks RealPlayer Enterprise 1.6.0
Real Networks RealPlayer Enterprise
Real Networks RealOne Player 6.0.11 .840
Real Networks RealPlayer For Unix 10.0.3
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealOne Player 6.0.11 .872
Real Networks RealPlayer 8.0.0 Win32
Real Networks RealOne Player 6.0.11 .818

SMTP:OVERFLOW:IBM-BMP-COLOR - SMTP: IBM Lotus Domino BMP Color Palette Stack Buffer Overflow1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino. Successful exploitation could allow an attacker to launch further attacks.

Supported On:

References:

cve: CVE-2015-1903

Affected Products:

ibm domino 8.5.3
ibm domino 9.0.1
ibm domino 8.5.2
ibm domino 9.0.0
ibm domino 8.5.1
ibm domino 8.5.0

HTTP:STC:ADOBE:PDF-EVASIVE-FF - HTTP: Adobe Reader PDF Evasive File Format

Severity: MEDIUM

Description:

This signature detects attempts to bypass security devices using the obfuscated value of names and strings in a PDF document. Attackers can bypass security devices by using this method.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

SMTP:MAL:NAV-ZIP-BOMB - SMTP: Norton Antivirus Compressed File Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Norton Antivirus 2002 and 2003. A successful attack could result in a denial of service of the mail server processing a malicious file attachment sent via SMTP.

Supported On:

References:

cve: CVE-2004-0683

Affected Products:

symantec norton_antivirus 2002
symantec norton_antivirus 2003
symantec norton_antivirus 2003 (:pro)

SMTP:MULTIPLE-HYD-BOF - APP: Multiple SMTP Header Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Multiple SMTP Header. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.110090709, idp-4.0.110090831, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, idp-5.1.110151117, srx-11.4

References:

cve: CVE-2011-2663
cve: CVE-2010-4715
bugtraq: 44732
cve: CVE-2003-0113
bugtraq: 7419
bugtraq: 44732
cve: CVE-2011-2662

Affected Products:

novell groupwise 8.0 (hp1)
novell groupwise 8.0 (hp2)

HTTP:OVERFLOW:CAM2PC - HTTP: CAM2PC Multiple Files Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in CAM2PC. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

SMTP:VULN:IBM-LOTUS-GIF-PARS-CE - SMTP: IBM Domino GIF Processing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino Server. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2015-0135

Affected Products:

ibm domino 8.5.1
ibm domino 8.5.0
ibm domino 9.0.0
ibm domino 9.0.1
ibm domino 8.5.2

HTTP:STC:DL:ACDSEE-XBM-WIDTH - HTTP: ACD Systems ACDSee Products XBM File Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in ACD Systems ACDSee. A code execution vulnerability exists in multiple ACDSee products. The flaw is due to a boundary error when processing crafted X Bitmap Graphic (XBM) files. A remote unauthenticated attacker can exploit this vulnerability by persuading the target user to open a malicious XBM file with the affected application. A successful attack could allow for arbitrary code being injected and executed with the privileges of the currently logged on user.

Supported On:

References:

bugtraq: 37685

Affected Products:

ACD Systems Inc ACDSee Photo Manager 8.1
ACD Systems Inc ACDSee Photo Editor 4.0
ACD Systems Inc ACDSee Photo Editor 2008 build 286
ACD Systems Inc ACDSee Photo Manager 8.1 build 99
ACD Systems Inc ACDSee Photo Manager 9.0 build 108
ACD Systems Inc ACDSee Photo Manager 9.0

HTTP:STC:IE:CHAN-SCRIPT - HTTP: Script in CHANNEL Tag

Severity: MEDIUM

Description:

This signature detects attempts to exploit the cross-domain vulnerability in Microsoft Internet Explorer. Attackers can create a malicious Web page that, when viewed by a user subscribed to an MSN channel, enables them to obtain information, remotely execute arbitrary code, or take complete control of the target system.

Supported On:

References:

cve: CVE-2005-0056
bugtraq: 12427
url: http://www.kb.cert.org/vuls/id/823971
url: http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx

Affected Products:

Nortel Networks Symposium Web Center Portal (SWCP)
Microsoft Internet Explorer 5.5 SP1
Nortel Networks Optivity Telephony Manager (OTM)
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.5
Nortel Networks IP softphone 2050
Nortel Networks Mobile Voice Client 2050
Microsoft Internet Explorer 5.0.1 SP1
Nortel Networks Symposium Web Client

HTTP:STC:IE:CVE-2015-0032-RCE - HTTP: Microsoft Internet Explorer CVE-2015-0032 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2015-0032

Affected Products:

microsoft internet_explorer 8
microsoft vbscript 5.6
microsoft internet_explorer 9
microsoft internet_explorer 10
microsoft vbscript 5.7
microsoft vbscript 5.8
microsoft internet_explorer 11

HTTP:STC:DL:WPD-BO - HTTP: Microsoft Office Word and WordPerfect Converter Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Office Word and WordPerfect Converter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

References:

cve: CVE-2009-0088
bugtraq: 34469

Affected Products:

Avaya Messaging Application Server MM 3.1
Microsoft Office Converter Pack
Microsoft Word 2000 SP3
Microsoft Word 2000 SR1
Microsoft Word 2000 Sr1a
Microsoft Word 2000 SP2
Microsoft Word 2000
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0

APP:NOVELL:GROUPWISEIA-ICAL-DOS - APP: Novell GroupWise Internet Agent iCalendar Parsing Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell GroupWise Internet Agent. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2011-3827
bugtraq: 55574

Affected Products:

novell groupwise 8.0
novell groupwise up to 8.00 (hp1)
novell groupwise up to 8.00 (hp2)
novell groupwise up to 8.00 (hp3)

HTTP:STC:IE:HTML-SANITZ - HTTP: Microsoft Internet Explorer HTML Sanitization Vulnerability

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 53842
cve: CVE-2012-1858
cve: CVE-2012-2520

Affected Products:

Microsoft Groove Server 2010
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft SharePoint Foundation 2010
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 SP1
Microsoft InfoPath 2007 SP3
Microsoft InfoPath 2010 (32-bit editions)
Microsoft InfoPath 2010 SP1 (32-bit editions)
Microsoft InfoPath 2010 (64-bit editions)
Microsoft InfoPath 2007 SP2
Microsoft Internet Explorer 9
Microsoft SharePoint Server 2010 SP1
Microsoft Groove Server 2010 SP1
Microsoft SharePoint Foundation 2010 SP1
Microsoft Office SharePoint Server 2007 SP2
Microsoft Office SharePoint Server 2007 SP3
Microsoft Office SharePoint Server 2007 SP2 (64-bit)
Microsoft Office SharePoint Server 2007 SP3 (64-bit)
Microsoft Office Communicator 2007 R2
Microsoft Internet Explorer 8
Microsoft Lync 2010 Attendant (32-bit)
Microsoft Lync 2010 Attendant (64-bit)
Microsoft Windows SharePoint Services 3.0 SP2
Microsoft SharePoint Server 2010 Enterprise Edition
Microsoft SharePoint Server 2010 Standard Edition

HTTP:STC:DL:GIF-AND-PHPFUNC - HTTP: GIF Header With Obfuscated PHP Code

Severity: MEDIUM

Description:

This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

HTTP:STC:IMG:OFFEND-TG - HTTP: Common Offensive Picture (2)

Severity: INFO

Description:

This signature detects a common offensive .jpeg image found on the Internet.

Supported On:

References:

url: http://www.insub.org/

HTTP:STC:IE:CVE-2015-6059-ID - HTTP: Microsoft Internet Explorer CVE-2015-6059 Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to information disclosure.

Supported On:

References:

cve: CVE-2015-6059

Affected Products:

microsoft internet_explorer 8
microsoft vbscript 5.6
microsoft internet_explorer 9
microsoft internet_explorer 10
microsoft vbscript 5.7
microsoft vbscript 5.8
microsoft internet_explorer 11
microsoft jscript 5.7
microsoft jscript 5.8
microsoft jscript 5.6

HTTP:STC:STREAM:QT-DESC-ATOM - HTTP: Apple QuickTime Image Descriptor Atom Parsing Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime Player. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2008-0033
bugtraq: 27299

Affected Products:

Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.0
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.1

POP3:MS-WORD-BULLET-MC - POP3: Microsoft Word Bulleted List Handling Remote Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Word 6 text converter. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

References:

bugtraq: 29769
cve: CVE-2009-0087

Affected Products:

microsoft windows_xp (sp2)
microsoft windows_server 2003 (sp2)
microsoft windows_srv 2003 (-:x64)
microsoft windows_srv 2003 (-)
microsoft windows 2000 (sp4)
microsoft windows_srv 2003 (sp2:itanium)
microsoft windows_xp (sp2:pro_x64)
microsoft windows_srv 2003 (sp1)
microsoft windows_srv 2003 (sp1:itanium)
microsoft windows_server 2003 (sp1)
microsoft windows_srv 2003 (sp2:x64)
microsoft office_word 2000 (sp3)
microsoft office_word 2002 (sp3)
microsoft windows_xp (:pro_x64)
microsoft windows_xp (sp3)
microsoft windows_srv 2003 (sp2)

APP:MISC:HP-AUTOKEYLIB-CE - APP: HP Autonomy KeyView Library Remote Code Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against HP Autonomy Key Library application. Successful exploitation could allow an attacker to execute arbitrary codes into the context of the running application.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

DB:ORACLE:WEBLOGIC-SERVER - DB: Oracle WebLogic Server Session Fixation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle WebLogic Server. A successful attack can result in unauthorized access to the affected product.

Supported On:

References:

cve: CVE-2010-4437
bugtraq: 45852

Affected Products:

Oracle Weblogic Server 9.2 MP2
Oracle Weblogic Server 10
Oracle Weblogic Server 10.0 MP2
Oracle Weblogic Server 10.3.3
Oracle Weblogic Server 10.3
Oracle Weblogic Server 10.0 MP1
Oracle Weblogic Server 9.0 GA
Oracle Weblogic Server 9.1 GA
Oracle Weblogic Server 9.2
Oracle Weblogic Server 9.2.4
Oracle Weblogic Server 9.2 MP3
Oracle Weblogic Server 10.3.2
Oracle Weblogic Server 10.1
Oracle Weblogic Server 10.3.1
Oracle Weblogic Server 9.1
Oracle Weblogic Server 9.2 MP1

HTTP:STC:DL:OFFICE-PCT - HTTP: Microsoft Office PICT Graphics Converter Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2010-3946
bugtraq: 45273

Affected Products:

Microsoft Office 2003 SP3
Microsoft Office XP
Microsoft Office XP SP3
Microsoft Office XP SP2
Microsoft Office 2003 SP1
Microsoft Office XP SP1
Microsoft Office 2003 SP2
Microsoft Office Converter Pack
Microsoft Works 9.0
Microsoft Office 2003

HTTP:STC:DL:ORBIT-DOWNLOADER-OF - HTTP: Orbit Downloader Download Failed Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Orbit Downloader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.

Supported On:

References:

cve: CVE-2008-1602
bugtraq: 28541

Affected Products:

Orbit Downloader 2.6.3
Orbit Downloader 2.6.4

HTTP:STC:IE:CACHED-OBJ-RCE - HTTP: Microsoft Internet Explorer Cached Object Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution. IE version 9 is affected by this vulnerability.

Supported On:

References:

cve: CVE-2012-1522
bugtraq: 54293

Affected Products:

Avaya Conferencing Standard Edition 6.0 SP1
Microsoft Internet Explorer 9
Avaya Conferencing Standard Edition 6.0

APP:TROLLTECH-QT-BMP-OF - APP: Trolltech Qt BMP Handling Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a flaw in the Trolltech Qt image handling subsystem, which is used by the KDE Graphical Environment, commonly found in Linux and other Unix-based systems. A known vulnerability exists in the read_dib function that does not perform proper bounds checking of RLE data from a BMP file. An attacker could exploit this flaw to crash a system or possibly install malicious software when a user attempts to view a specially crafted BMP.

Supported On:

References:

cve: CVE-2004-0691
url: http://www.juniper.net/security/auto/vulnerabilities/vuln1718.html
url: http://rhn.redhat.com/errata/RHSA-2004-414.html
bugtraq: 10977

Affected Products:

Red Hat Linux 7.3.0 I686
Trolltech Qt 3.3.2
Red Hat Advanced Workstation for the Itanium Processor 2.1.0
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux ES 3
Red Hat Enterprise Linux WS 3
Trolltech Qt 3.3.0 .0
Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
Trolltech Qt 3.0.3
Red Hat Linux 7.3.0
Red Hat Linux 7.3.0 I386
Red Hat Linux 9.0.0 I386
Red Hat Enterprise Linux ES 2.1
Trolltech Qt 2.3.1
Avaya Intuity LX
Trolltech Qt 3.0.0
Avaya Modular Messaging (MSS) 1.1.0
Avaya Modular Messaging (MSS) 2.0.0
Avaya MN100
Gentoo Linux 1.4.0
Red Hat Fedora Core1
Trolltech Qt 3.1.2
Red Hat Desktop 3.0.0
SuSE Linux Personal 9.0.0
Trolltech Qt 3.1.1
Trolltech Qt 3.0.5
Trolltech Qt 3.2.1
SuSE Linux 8.1.0
SuSE Linux Personal 8.2.0
Sun Java Desktop System (JDS) 2003
Trolltech Qt 3.1.0
Red Hat Enterprise Linux WS 2.1
Red Hat Enterprise Linux AS 2.1
SuSE SUSE Linux Enterprise Server 8
Trolltech Qt 3.3.1
Sun Java Desktop System (JDS) 2.0.0
Red Hat Enterprise Linux WS 2.1 IA64
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux ES 2.1 IA64
Trolltech Qt 3.2.3
SuSE Linux Desktop 1.0.0

HTTP:STC:DL:MS-THEME-RCE - HTTP: Microsoft Windows Theme File Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Theme. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

References:

cve: CVE-2013-0810

Affected Products:

microsoft windows_server_2003 (sp2:x64)
microsoft windows_xp (sp3)
microsoft windows_xp - (sp2:x64)
microsoft windows_server_2008 (sp2:x86)
microsoft windows_server_2008 (sp2:itanium)
microsoft windows_server_2003 (sp2:itanium)
microsoft windows_server_2008 (sp2:x64)
microsoft windows_vista (sp2:x64)

HTTP:STC:STREAM:QT-MAL-SMIL - HTTP: Apple QuickTime Malformed SMIL File

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime media player. Ir is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers can exploit this by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation can result in arbitrary code injection and execution with the privileges of the logged in user. In case of an unsuccessful exploit, the application would terminate abnormally.

Supported On:

References:

cve: CVE-2010-1799
bugtraq: 41962

Affected Products:

Apple QuickTime Player 7.6.6
Apple QuickTime Player 7.1
Apple QuickTime Player 7.2.1
Apple QuickTime Player 7.3.1.70
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.6.6 (1671)
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.6
Apple QuickTime Player 7.4
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2.0
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.6.2
Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.6.5
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.0.8
Apple QuickTime Player 7.5
Apple QuickTime Player 7.6.4
Apple QuickTime Player 7.0.0

SPYWARE:LIGATS - SPYWARE: Ligats

Severity: HIGH

Description:

This signature detects the outbound Web activity of the spyware Ligats. The spyware Ligats is a Trojan data-miner tool that can be used by attackers to analyze your private data.

Supported On:

References:

url: http://www.symantec.com/security_response/writeup.jsp?docid=2008-011616-5036-99

HTTP:STC:IE:10-UAF-MC - HTTP: Microsoft Internet Explorer 10 Use After Free Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer 10. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-2551

Affected Products:

microsoft internet_explorer 6
microsoft internet_explorer 9
microsoft internet_explorer 8
microsoft internet_explorer 7
microsoft internet_explorer 10

SMTP:EXCHANGE:ICAL-DOS - SMTP: Microsoft Exchange Malformed iCal Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Server. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2007-0039
bugtraq: 23808

Affected Products:

Avaya Messaging Application Server MM 3.1
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2000
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2007
Microsoft Exchange Server 2003
Avaya Messaging Application Server MM 2.0
Microsoft Exchange Server 2003 SP2
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0

POP3:LOTUS-DOC-VIEWER - POP3: IBM Lotus Notes DOC Attachment Viewer Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes DOC Attachment Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2007-5544
bugtraq: 26146

Affected Products:

ibm lotus_domino 6.5.5
ibm lotus_domino 7.0.2
ibm lotus_domino 7.0
ibm lotus_domino 6.5.5 (:fp2)
ibm lotus_domino 6.5.5 (:fp1)
ibm lotus_notes up to 6.5.5
ibm lotus_notes 7.0.2
ibm lotus_notes 7.0.1
ibm lotus_notes 7.0.0
ibm lotus_domino 7.0.1

HTTP:STC:ATL:DIRECTSHOW - HTTP: Microsoft DirectShow Vulnerable ActiveX Control (ATL)

Severity: HIGH

Description:

This signature detects a common ActiveX control that is vulnerable to the Microsoft Active Template Library (ATL) issues announced in MS09-035. If exploited, it can allow the execution of code in the context of the logged in user. Note that this signature is not designed to identify known malicious sites, but simply an alert that a vulnerable and potentially malicious ActiveX control has been accessed. Some Enterprise users may want to use it to block known malicious ActiveX controls, but before doing this, it is recommended the full impact is understood and tested.

Supported On:

References:

url: http://www.microsoft.com/atl
url: http://www.icasi.org/alerts.htm
url: http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
bugtraq: 35845
cve: CVE-2009-0901

Affected Products:

Adobe Shockwave Player 11.5.0.596
Adobe Shockwave Player 10.2.0.023
Adobe Shockwave Player 10
Adobe Shockwave Player 11.5.0.600

SMTP:EXCHANGE:EXCH-TNEF-BO - SMTP: Microsoft Exchange TNEF Attachment Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Exchange Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of System.

Supported On:

References:

cve: CVE-2009-0098

Affected Products:

Avaya Messaging Application Server MM 3.1
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2000
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2007
Microsoft Exchange Server 2003
Avaya Messaging Application Server MM 2.0
Microsoft Exchange Server MAPI Client 1.2.1
Microsoft Exchange Server 2003 SP2
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0
Microsoft Exchange Server 2007 SP 1

HTTP:STC:DL:VISIWAVE-SITE-BOF - HTTP: VisiWave Site Survey vwr File Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in VisiWave Site Survey. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2011-2386
bugtraq: 47948

Affected Products:

AZO Technologies, Inc. VisiWave Site Survey 2.0.12

HTTP:MAL-REDIRECT-EXP-100 - HTTP:MAL-REDIRECT Infection-100

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

srx-12.1

POP3:MAL-LOTUS-APPLIX - POP3: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes Applix. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2007-5405
bugtraq: 28454

Affected Products:

Symantec Mail Security Appliance 5.0.0
IBM Lotus Notes 6.0.3
IBM Lotus Notes 6.5.1
IBM Lotus Notes 6.0.2
Symantec Mail Security for Microsoft Exchange 5.0.0
IBM Lotus Notes 7.0.2
Symantec Mail Security for SMTP 5.0
IBM Lotus Notes 6.5.0
IBM Lotus Notes 6.0.4
IBM Lotus Notes 6.5.2
IBM Lotus Notes 7.0.3
IBM Lotus Notes 6.5.6 FP2
IBM Lotus Notes 6.0.0
Symantec Mail Security Appliance 5.0.0.24
Autonomy Keyview Export SDK 7
Autonomy Keyview Export SDK 8
Autonomy Keyview Export SDK 9
Autonomy Keyview Filter SDK 9
Autonomy Keyview Filter SDK 8
Autonomy Keyview Filter SDK 7
Autonomy Keyview Viewer SDK 7
Autonomy Keyview Viewer SDK 8
Autonomy Keyview Viewer SDK 9
Autonomy Keyview Viewer SDK 10
Autonomy Keyview Filter SDK 10
Autonomy Keyview Export SDK 10
IBM Lotus Notes 6.5.5
Autonomy Keyview Export SDK 10.3.0
Autonomy Keyview Filter SDK 10.3.0
Autonomy Keyview Viewer SDK 10.3.0
IBM Lotus Notes 7.0
ActivePDF DocConverter 3.8.4.0
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.4
IBM Lotus Notes 6.0.5
IBM Lotus Notes 6.5.5 FP3
IBM Lotus Notes 6.5.6
IBM Lotus Notes 7.0.1
IBM Lotus Notes 8.0
IBM Lotus Notes 6.0.1
IBM Lotus Notes 6.5.5 FP2
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for Domino 7.5
IBM Lotus Notes 7.0.2 FP1

HTTP:STC:JAVA:JAX-WS-RCE - HTTP: Oracle Java Applet JAX-WS Class Handling Arbitrary Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2012-5076
bugtraq: 56054

Affected Products:

oracle jre up to 1.7.0 (update3)
oracle jre up to 1.7.0 (update5)
oracle jre up to 1.7.0 (update6)
oracle jdk up to 1.7.0 (update3)
oracle jdk up to 1.7.0 (update5)
oracle jdk up to 1.7.0 (update6)
oracle jre up to 1.7.0 (update4)
oracle jdk up to 1.7.0 (update1)
oracle jdk up to 1.7.0 (update2)
oracle jdk up to 1.7.0 (update4)
oracle jre up to 1.7.0 (update1)
oracle jre up to 1.7.0 (update2)
oracle jdk up to 1.7.0 (update7)
oracle jre up to 1.7.0 (update7)

HTTP:VMWARE-VSPHERE-DOS - HTTP: Vmware Vsphere Host Daemon Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Vmware Vsphere host daemon. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 56571
cve: CVE-2012-5703

Affected Products:

vmware esx 4.1
vmware esxi 4.1

SMTP:MAL:LOTUS-MAILTO - SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known stack buffer overflow vulnerability in IBM Lotus Domino Server. It is due an error in processing e-mail messages containing iCalendar requests. A remote unauthenticated attacker could leverage this by sending a malicious iCalendar e-mail message to a target server. A successful attack can lead to the execution of arbitrary code on a target server, within the security context of the affected service. In an unsuccessful attack, the target server can terminate abnormally.

Supported On:

References:

cve: CVE-2010-3407
bugtraq: 43219

Affected Products:

IBM Lotus Domino 6.5.0
IBM Lotus Domino 8.0.2
IBM Lotus Domino 4.6.1
IBM Lotus Domino 6.0.1.3
IBM Lotus Domino 8.5
IBM Lotus Domino 6.0.1.1
IBM Lotus Domino 4.6.4
IBM Lotus Domino 5.0.10
IBM Lotus Domino 5.0.4A
IBM Lotus Domino 6.5.5
IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.0.2.2
IBM Lotus Domino 7.0.2 FP1
IBM Lotus Domino 7.0.4
IBM Lotus Domino 6.5.5 FP3
IBM Lotus Domino 6.0.2 CF2
IBM Lotus Domino 5.0.2
IBM Lotus Domino 6.5.3
IBM Lotus Domino 8.5 FP1
IBM Lotus Domino 5.0.7
IBM Lotus Domino 6.5.3.1
IBM Lotus Domino 6.5.2.1
IBM Lotus Domino 5.0.8A
IBM Lotus Domino 6.0.1.2
IBM Lotus Domino 6.5.4
IBM Lotus Domino 5.0.6A
IBM Lotus Domino 5.0.5
IBM Lotus Domino 5.0.6
IBM Lotus Domino 5.0.3
IBM Lotus Domino 5.0.11
IBM Lotus Domino 5.0.9
IBM Lotus Domino 4.6.3
IBM Lotus Domino 5.0.13
IBM Lotus Domino 5.0.8
IBM Lotus Domino 6.0.4
IBM Lotus Domino 6.5
IBM Lotus Domino 6.5.4.3
IBM Lotus Domino 8.0
IBM Lotus Domino 6.5.4 FP 1
IBM Lotus Domino 6.5.4 FP 2
IBM Lotus Domino 5.0.9A
IBM Lotus Domino 5.0.7A
IBM Lotus Domino 6.0.5
IBM Lotus Domino 5.0
IBM Lotus Domino 6.0.3
IBM Lotus Domino 7.0.3 Fix Pack 1 (FP1)
IBM Lotus Domino 8.0.1
IBM Lotus Domino 7.0.0
IBM Lotus Domino 5.0.4
IBM Lotus Domino 6.0.0
IBM Lotus Domino 6.5.2
IBM Lotus Domino 6.5.5 FP2
IBM Lotus Domino 6.5.5 FP1
IBM Lotus Domino 7.0.2
IBM Lotus Domino 5.0.1
IBM Lotus Domino 7.0.2 FP2
IBM Lotus Domino 6.0.2
IBM Lotus Domino 7.0.3
IBM Lotus Domino 6.0.1
IBM Lotus Domino 7.0.2 FP3
IBM Lotus Domino 6.5.1
IBM Lotus Domino 7.0.1
IBM Lotus Domino 6.0.2.1
IBM Lotus Domino 6.5.0 .0

TCP:AUDIT:DUP-SEQ-SEG-RETRANS - TCP: Duplicate Sequence Number Segment Retransmission

Severity: MEDIUM

Description:

This protocol anomaly triggers when it detects a TCP segment retransmission from the client to server in which the retransmitted data has the same sequence number but differs from the original data. This is a common IDS evasion attack; do not allow these packets to pass IDP.

Supported On:

References:

url: http://www.faqs.org/rfcs/rfc793.html

HTTP:STC:JAVA:DOCBASE-BOF - HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known code execution vulnerability in Oracle Java. It is contained in the Java plugin handler for Internet Explorer, JP2IEXP.dll. While parsing the parameter docbase, the value is copied into a fixed length buffer on the stack without validation. This can lead to a stack buffer overflow. An attacker can exploit this by enticing a user to visit a specially crafted Web site. This can lead to arbitrary code execution in the context of the affected application

Supported On:

idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2010-3552
bugtraq: 44023

Affected Products:

Red Hat Enterprise Linux Supplementary 5 Server
Sun JDK (Solaris Production Release) 1.6.0 10
Sun JDK (Windows Production Release) 1.6.0 10
Sun JDK (Solaris Production Release) 1.6.0 04
Sun JDK (Windows Production Release) 1.6.0 04
Sun JDK (Solaris Production Release) 1.6.0 14
Sun JDK (Windows Production Release) 1.6.0 14
Sun JDK (Solaris Production Release) 1.6.0 13
Sun JDK (Windows Production Release) 1.6.0 13
Sun JDK (Solaris Production Release) 1.6.0 11
Sun JDK (Windows Production Release) 1.6.0 11
Sun JRE (Linux Production Release) 1.6.0 13
Sun JDK (Solaris Production Release) 1.6.0 05
Sun JDK (Windows Production Release) 1.6.0 05
Sun JDK (Windows Production Release) 1.6.0 06
Sun JDK (Solaris Production Release) 1.6.0 06
Sun JDK (Solaris Production Release) 1.6.0 07
Sun JDK (Windows Production Release) 1.6.0 07
Sun JDK (Solaris Production Release) 1.6.0
Sun JDK (Windows Production Release) 1.6.0
Sun JRE (Solaris Production Release) 1.6.0
Sun JRE (Windows Production Release) 1.6.0
Sun JRE (Solaris Production Release) 1.6.0 10
Sun JRE (Windows Production Release) 1.6.0 10
Avaya Proactive Contact 3.0.3
Sun JRE (Solaris Production Release) 1.6.0 12
Sun JRE (Windows Production Release) 1.6.0 12
Sun JRE (Solaris Production Release) 1.6.0 13
Sun JRE (Windows Production Release) 1.6.0 13
Sun JRE (Solaris Production Release) 1.6.0 04
Sun JRE (Windows Production Release) 1.6.0 04
Sun JRE (Solaris Production Release) 1.6.0 05
Sun JRE (Windows Production Release) 1.6.0 05
Sun JRE (Solaris Production Release) 1.6.0 06
Sun JRE (Windows Production Release) 1.6.0 06
Sun JRE (Solaris Production Release) 1.6.0 07
Sun JRE (Windows Production Release) 1.6.0 07
VMWare ESX 4.1 Update 1
Avaya Aura Conferencing 6.0 Standard
HP HP-UX B.11.31
Sun JDK (Windows Production Release) 1.6.0 18
Sun JDK (Solaris Production Release) 1.6.0 18
Sun JDK (Linux Production Release) 1.6.0 18
Sun JRE (Linux Production Release) 1.6.0 18
Sun JRE (Windows Production Release) 1.6.0 18
Sun JRE (Solaris Production Release) 1.6.0 18
HP HP-UX B.11.23
Sun JDK (Linux Production Release) 1.6.0_21
Sun JDK (Solaris Production Release) 1.6.0_21
Sun JDK (Windows Production Release) 1.6.0_21
Sun JRE (Linux Production Release) 1.6.0_21
Sun JRE (Solaris Production Release) 1.6.0_21
Sun JRE (Windows Production Release) 1.6.0_21
VMWare vCenter 4.1
VMWare vCenter 4.1 Update 1
HP HP-UX B.11.11
Sun JDK (Linux Production Release) 1.6.0 02
Sun JDK (Windows Production Release) 1.6.0 02
Sun JRE (Linux Production Release) 1.6.0 04
Sun JRE (Linux Production Release) 1.6.0 02
Sun JDK (Linux Production Release) 1.6.0 04
Sun JDK (Linux Production Release) 1.6.0
Sun JRE (Windows Production Release) 1.6.0 01
Sun JRE (Windows Production Release) 1.6.0 02
Sun JRE (Linux Production Release) 1.6.0 20
Sun JRE (Windows Production Release) 1.6.0 20
Sun JRE (Linux Production Release) 1.6.0 19
Sun JRE (Linux Production Release) 1.6.0 07
Sun JDK (Linux Production Release) 1.6.0 07
Sun JDK (Solaris Production Release) 1.6.0 19
Sun JDK (Windows Production Release) 1.6.0 19
Sun JDK (Linux Production Release) 1.6.0 19
Sun JDK (Solaris Production Release) 1.6.0 03
Sun JDK (Linux Production Release) 1.6.0 03
Sun JDK (Windows Production Release) 1.6.0 20
SuSE SUSE Linux Enterprise 11
Sun JDK (Linux Production Release) 1.6.0 13
Sun JDK (Windows Production Release) 1.6.0 03
Sun JRE (Linux Production Release) 1.6.0 03
Sun JRE (Solaris Production Release) 1.6.0 03
Sun JRE (Windows Production Release) 1.6.0 03
Sun JRE (Linux Production Release) 1.6.0 12
Sun JDK (Solaris Production Release) 1.6.0 02
Sun JDK (Linux Production Release) 1.6.0 05
Sun JRE (Linux Production Release) 1.6.0 05
Sun JRE (Linux Production Release) 1.6.0 11
Sun JDK (Solaris Production Release) 1.6.0 17
Sun JDK (Linux Production Release) 1.6.0 06
Sun JRE (Linux Production Release) 1.6.0
Sun JRE (Linux Production Release) 1.6.0 10
Sun JRE (Linux Production Release) 1.6.0 06
Red Hat Enterprise Linux Desktop Supplementary 5 Client
Sun JDK (Windows Production Release) 1.6.0 01
Sun JDK (Linux Production Release) 1.6.0 01
Sun JDK (Windows Production Release) 1.6.0 01-B06
HP HP-UX B.11.23
Sun JDK (Solaris Production Release) 1.6.0 01
Sun JDK (Linux Production Release) 1.6.0 01-B06
Sun JRE (Linux Production Release) 1.6.0 01
Gentoo Linux
Sun JDK (Linux Production Release) 1.6.0 14
Sun JRE (Solaris Production Release) 1.6.0 01
Sun JRE (Solaris Production Release) 1.6.0 02
Sun JDK (Linux Production Release) 1.6.0 15
Sun JDK (Windows Production Release) 1.6.0 15
Sun JDK (Solaris Production Release) 1.6.0 15
Sun JRE (Solaris Production Release) 1.6.0 15
Sun JRE (Windows Production Release) 1.6.0 15
Sun JRE (Linux Production Release) 1.6.0 15
Sun JDK (Solaris Production Release) 1.6.0 20
Sun JDK (Linux Production Release) 1.6.0 20
Sun JRE (Linux Production Release) 1.6.0 14
Sun JRE (Windows Production Release) 1.6.0 14
Sun JRE (Solaris Production Release) 1.6.0 14
SuSE SUSE Linux Enterprise 11 SP1
Red Hat Enterprise Linux Extras 4
HP HP-UX B.11.23
Sun JDK (Linux Production Release) 1.6.0 10
Sun JRE (Solaris Production Release) 1.6.0 2
Sun JRE (Windows Production Release) 1.6.0 2
Avaya Proactive Contact 3.0.2
Sun JRE (Windows Production Release) 1.6.0 19
Sun JRE (Solaris Production Release) 1.6.0 19
Sun JRE (Linux Production Release) 1.6.0 17
Sun JRE (Solaris Production Release) 1.6.0 17
Sun JRE (Windows Production Release) 1.6.0 17
SuSE openSUSE 11.3
Sun JDK (Linux Production Release) 1.6.0 17
Sun JRE (Solaris Production Release) 1.6.0 11
Sun JRE (Windows Production Release) 1.6.0 11
Sun JDK (Windows Production Release) 1.6.0 17
SuSE openSUSE 11.2
Red Hat Enterprise Linux Extras 4.8.Z
HP HP-UX B.11.11
VMWare ESX 4.1
HP HP-UX B.11.31
Sun JDK (Linux Production Release) 1.6.0 11
Sun JDK (Solaris Production Release) 1.6.0 01-B06
SuSE openSUSE 11.1
Avaya Proactive Contact 3.0

HTTP:STC:ADOBE:BMP-HEADER - HTTP: Adobe Multiple Products BMP Image Header Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in multiple Adobe products. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

References:

cve: CVE-2008-1765
bugtraq: 28874

Affected Products:

Adobe Photoshop Album Starter 3.2
Adobe After Effects CS3

SMTP:MAL:LOTUS-APPLIX - SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2007-5405
bugtraq: 28454

Affected Products:

Symantec Mail Security Appliance 5.0.0
IBM Lotus Notes 6.0.3
IBM Lotus Notes 6.5.1
IBM Lotus Notes 6.0.2
Symantec Mail Security for Microsoft Exchange 5.0.0
IBM Lotus Notes 7.0.2
Symantec Mail Security for SMTP 5.0
IBM Lotus Notes 6.5.0
IBM Lotus Notes 6.0.4
IBM Lotus Notes 6.5.2
IBM Lotus Notes 7.0.3
IBM Lotus Notes 6.5.6 FP2
IBM Lotus Notes 6.0.0
Symantec Mail Security Appliance 5.0.0.24
Autonomy Keyview Export SDK 7
Autonomy Keyview Export SDK 8
Autonomy Keyview Export SDK 9
Autonomy Keyview Filter SDK 9
Autonomy Keyview Filter SDK 8
Autonomy Keyview Filter SDK 7
Autonomy Keyview Viewer SDK 7
Autonomy Keyview Viewer SDK 8
Autonomy Keyview Viewer SDK 9
Autonomy Keyview Viewer SDK 10
Autonomy Keyview Filter SDK 10
Autonomy Keyview Export SDK 10
IBM Lotus Notes 6.5.5
Autonomy Keyview Export SDK 10.3.0
Autonomy Keyview Filter SDK 10.3.0
Autonomy Keyview Viewer SDK 10.3.0
IBM Lotus Notes 7.0
ActivePDF DocConverter 3.8.4.0
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.4
IBM Lotus Notes 6.0.5
IBM Lotus Notes 6.5.5 FP3
IBM Lotus Notes 6.5.6
IBM Lotus Notes 7.0.1
IBM Lotus Notes 8.0
IBM Lotus Notes 6.0.1
IBM Lotus Notes 6.5.5 FP2
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for Domino 7.5
IBM Lotus Notes 7.0.2 FP1

APP:ORACLE:OOXML-TAG - APP: Oracle Outside In OOXML Relationship Tag Parsing Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Oracle Outside. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open an OOXML document with an affected application. This can cause a stack buffer overflow, resulting in arbitrary code execution in the context of the affected application. If code execution is unsuccessful, the affected application may terminate unexpectedly.

Supported On:

References:

url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

APP:WMP:DSHOW-BIGCHUNK-SMTP - APP: Windows Media Player DirectShow Vulnerability (SMTP)

Severity: MEDIUM

Description:

This signature detects invalid AVI files sent through SMTP. Attackers can send a corrupted AVI file as an e-mail attachment. A successful attack can allow code execution on a Microsoft Windows systems.

Supported On:

References:

cve: CVE-2005-2128
url: http://www.microsoft.com/technet/security/bulletin/MS05-050.mspx
bugtraq: 15063

Affected Products:

Microsoft Windows XP Media Center Edition SP2
Microsoft Windows 98SE
Avaya IP600 Media Servers R8
Nortel Networks CallPilot 1.0.7
Nortel Networks CallPilot 2.0.0
Nortel Networks CallPilot 3.0.0
Nortel Networks CallPilot 4.0.0
Microsoft DirectX 8.2
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers R12
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R10
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers R12
Avaya S8100 Media Servers R11
Avaya DefinityOne Media Servers R11
Avaya IP600 Media Servers R11
Microsoft DirectX 9.0
Microsoft DirectX 9.0 c
Microsoft Windows XP Tablet PC Edition SP2
Avaya IP600 Media Servers R6
Microsoft Small Business Server 2003
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R9
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Microsoft DirectX 7.0
Microsoft DirectX 9.0 a
Microsoft DirectX 8.1
Avaya DefinityOne Media Servers
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows XP Media Center Edition SP1
Microsoft DirectX 8.0
Microsoft DirectX 8.0 a
Microsoft DirectX 8.1 a
Microsoft DirectX 8.1 b
Nortel Networks Centrex IP Element Manager 2.5.0
Avaya IP600 Media Servers R7
Avaya Unified Communication Center
Microsoft Windows XP Home SP1
Microsoft Windows Server 2003 Standard Edition
Avaya S8100 Media Servers R7
Microsoft Windows XP Professional SP1
Microsoft Windows Media Player 9.0
Avaya S8100 Media Servers R6
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows ME
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Avaya S3400 Message Application Server
Microsoft Windows 98
Avaya S8100 Media Servers
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Avaya DefinityOne Media Servers R6
Microsoft DirectX 9.0b
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows Server 2003 Enterprise Edition Itanium
Avaya IP600 Media Servers
Nortel Networks Centrex IP Client Manager 2.5.0
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Tablet PC Edition SP1
Avaya IP600 Media Servers R9

HTTP:STC:IE:DND-IMG - HTTP: Internet Explorer Drag-and-Drop Evasion

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer drag-and-drop. Attackers can send a maliciously crafted request or host a malicious Web page to exploit this issue. A successful attack can allow attackers to execute arbitrary code. This vulnerability is detailed in Microsoft Security Bulletin MS04-038.

Supported On:

References:

cve: CVE-2005-0053
url: http://www.microsoft.com/technet/security/Bulletin/MS05-008.mspx
bugtraq: 11466
url: http://www.kb.cert.org/vuls/id/698835

Affected Products:

Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows 98SE
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Internet Explorer 6.0
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows XP 64-bit Edition SP1
Microsoft Internet Explorer 5.0.1
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows 2000 Professional
Microsoft .NET Framework 1.1
Nortel Networks Mobile Voice Client 2050
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
Microsoft Internet Explorer 5.5 SP1
Nortel Networks Optivity Telephony Manager (OTM)
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows XP Media Center Edition SP1
Microsoft Internet Explorer 6.0 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Tablet PC Edition
Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Windows 2000 Advanced Server
Microsoft Windows ME
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP Media Center Edition SP2
Nortel Networks Symposium Web Client
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional SP1
Nortel Networks IP softphone 2050
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Advanced Server SP4
Microsoft Internet Explorer 5.5 SP2
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server SP2
Nortel Networks Symposium Web Center Portal (SWCP)
Microsoft Windows 98
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.5
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Internet Explorer 5.0.1 SP1

SMTP:MS-WIN-SMTP-DOS - SMTP: Microsoft Windows SMTP Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can result in a denial-of-service condition.

Supported On:

SMTP:MS-OUTLOOK-EMAIL-RCE-1 - SMTP: Microsoft Outlook Email Parsing Remote Code Execution 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook. A successful attack can lead to arbitrary code execution.

Supported On:

Severity: INFO

Description:

This protocol anomaly is an ICMPv6 session that contains more ICMPv6 packets than the user-defined maximum (an ICMPv6 flood). The default number of ICMPv6 packets per second is 250; you can change this setting in the Sensor Settings Rulebase>Protocol Thresholds and Configuration>ICMP>Packets per second to trigger a flood.

Supported On:

srx-branch-12.1, vsrx-15.1, srx-12.1

HTTP:STC:IMG:OFFICE-FLASHPIX2 - HTTP: Microsoft Office Malicious FlashPix Image (2)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the Microsoft Office FlashPix Graphics filter. A successful attack can lead to arbitrary code execution.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

cve: CVE-2010-3951
bugtraq: 45278

Affected Products:

Microsoft Office XP SP3
Microsoft Office XP SP1
Microsoft Office Converter Pack
Microsoft Office XP SP2
Microsoft Office XP

SMTP:MAL:IBM-ATTACHMENT-VIEWER - SMTP: IBM Lotus Notes Attachment Viewer UUE File Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes Attachment Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2005-2618
bugtraq: 16576

Affected Products:

IBM Lotus Notes 6.0.3
IBM Lotus Notes 6.5.1
IBM Lotus Notes 6.0.2
IBM Lotus Notes 7.0
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.4
IBM Lotus Notes 6.0.5
IBM Lotus Notes 6.5.0
IBM Lotus Notes 6.0.4
IBM Lotus Notes 6.5.2
IBM Lotus Notes 6.0.1

HTTP:STC:DL:WORD-STYLE-EXEC - HTTP: Microsoft Word Cascading Style Sheet Processing Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2008-1434
bugtraq: 29105

Affected Products:

Microsoft Outlook 2007 SP1
Microsoft Word 2000 SP3
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Office 2004 for Mac
Microsoft Office 2003 SP2
Microsoft Word 2002
Microsoft Word Viewer 2003 SP3
Microsoft Word 2002 SP2
Microsoft Office XP SP3
Microsoft Word 2007
Microsoft Office XP SP1
Microsoft Office 2003 SP3
Microsoft Word 2003 SP2
Microsoft Word 2007 SP1
Microsoft Word 2003 SP3
Microsoft Word 2003
Microsoft Word 2002 SP1
Microsoft Office XP
Microsoft Word 2000 SR1
Microsoft Word 2000 Sr1a
Microsoft Word 2000 SP2
Microsoft Office 2003 SP1
Microsoft Office 2008 for Mac
Microsoft Office Compatibility Pack 2007
Microsoft Word 2000
Microsoft Office 2007 SP1
Microsoft Office 2003
Microsoft Office 2007
Microsoft Word Viewer 2003
Microsoft Word 2002 SP3
Microsoft Word 2003 SP1
Microsoft Outlook 2007
Microsoft Office XP SP2

SMTP:OUTLOOK:TZID-OF - SMTP: Outlook TZID Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Outlook. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2007-0033
url: http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
bugtraq: 21931
cve: CVE-2006-4699

Affected Products:

Microsoft Outlook 2000 SP3
Microsoft Outlook 2002 SP2
Microsoft Office XP
Microsoft Outlook 2000
Microsoft Office XP SP3
Microsoft Outlook 2002
Microsoft Office 2003 SP1
Microsoft Office 2000 SP1
Microsoft Office 2000 SP2
Microsoft Outlook 2002 SP3
Microsoft Office XP SP1
Microsoft Office 2003 SP2
Microsoft Outlook 2000 SP2
Microsoft Outlook 2003 SP2
Microsoft Outlook 2003
Microsoft Outlook 2000 SR1
Microsoft Outlook 2002 SP1
Microsoft Office 2000 SP3
Microsoft Office XP SP2
Microsoft Office 2000
Microsoft Office 2003

SMTP:MAL:LOTUS-LZH-BOF - SMTP: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

cve: CVE-2011-1213
bugtraq: 48018

Affected Products:

Symantec Mail Security for Microsoft Exchange 6.5.0
Autonomy Keyview Viewer SDK 10.12
Autonomy Keyview Viewer SDK 9.2
Symantec Mail Security for Domino 7.5.0.19
Symantec Data Loss Prevention Endpoint Agents 10.5.1
Symantec Mail Security for Microsoft Exchange 6.0.8
Autonomy Keyview Filter SDK 9.2
IBM Lotus Notes 7.0.1
IBM Lotus Notes 7.0
Symantec Mail Security for Microsoft Exchange 6.5.5
Symantec Mail Security for Microsoft Exchange 6.0.12
Symantec Mail Security for Domino 8.0.8
Symantec Mail Security for Domino 7.5.11
Symantec Brightmail and Messaging Gateway 9.5
Symantec Data Loss Prevention Detection Servers for Windows 10.5.3
Symantec Data Loss Prevention Detection Servers for Linux 10.5.3
Symantec Data Loss Prevention Endpoint Agents 10.5.3
Symantec Data Loss Prevention Detection Servers for Windows 11.0
Symantec Data Loss Prevention Detection Servers for Linux 11.0
Symantec Data Loss Prevention Endpoint Agents 11.0
Symantec Data Loss Prevention Detection Servers for Windows 11.1
Symantec Data Loss Prevention Detection Servers for Linux 11.1
Symantec Data Loss Prevention Endpoint Agents 11.1
Symantec Brightmail Gateway 8.0
Symantec Mail Security for Domino 7.5.3.25
Symantec Mail Security for Domino 8.0.1
Symantec Mail Security for Domino 7.5.3 25
Symantec Mail Security for Domino 7.5.7
Symantec Mail Security for Domino 8.0
Symantec Mail Security for Microsoft Exchange 6.0.9
IBM Lotus Notes 6.5.0
IBM Lotus Notes 6.5.2
Symantec Mail Security for Domino 7.5.5.32
IBM Lotus Notes 6.5.2 FP1
Autonomy Keyview Viewer SDK 10
Autonomy Keyview Filter SDK 10
Autonomy Keyview Export SDK 10
Autonomy Keyview Export SDK 10.4.0
Autonomy Keyview Export SDK 10.3.0
Autonomy Keyview Filter SDK 10.3.0
Autonomy Keyview Filter SDK 10.4.0
Autonomy Keyview Viewer SDK 10.4.0
Autonomy Keyview Viewer SDK 10.3.0
Symantec Mail Security for Microsoft Exchange 6.0.0
IBM Lotus Notes 8.0.1
IBM Lotus Notes 6.5.5 FP2
IBM Lotus Notes 8.5.2
Symantec Mail Security for Domino 7.5.4.29
Symantec Mail Security for Domino 7.5
Symantec Mail Security for Domino 7.5.6
IBM Lotus Notes 6.5.1
IBM Lotus Notes 7.0.2
Symantec Mail Security for Domino 8.0.2
Symantec Mail Security for Domino 7.5.8
Symantec Data Loss Prevention Detection Servers for Windows 10.0
Symantec Data Loss Prevention Detection Servers for Linux 10.0
Symantec Data Loss Prevention Endpoint Agents 10.0
Symantec Mail Security for Domino 8.0.3
Symantec Mail Security for Domino 7.5.9
Symantec Mail Security for Microsoft Exchange 6.0.10
Symantec Brightmail Gateway 8.0.1
Symantec Brightmail Gateway 8.0.2
Symantec Brightmail Gateway 9.0
IBM Lotus Notes 7.0
Symantec Data Loss Prevention Detection Servers for Windows 10.0.1010 .18007
Symantec Data Loss Prevention Detection Servers for Linux 10.0.1010 .18007
Symantec Data Loss Prevention Endpoint Agents 10.0.1010 .18007
Autonomy Keyview Filter SDK 10.9.0
IBM Lotus Notes 6.5.5
Autonomy Keyview Export SDK 10.5
Autonomy Keyview Export SDK 10.8
Autonomy Keyview Export SDK 10.9
Autonomy Keyview Export SDK 10.10
Autonomy Keyview Export SDK 10.12
Autonomy Keyview Export SDK 9.2
Autonomy Keyview Filter SDK 10.5
Autonomy Keyview Filter SDK 10.8
Autonomy Keyview Filter SDK 10.10
Symantec Mail Security for Domino 7.5.10
Autonomy Keyview Filter SDK 10.12
IBM Lotus Notes 6.5.4
Autonomy Keyview Viewer SDK 10.5
Symantec Data Loss Prevention Detection Servers for Windows 10.5.1
Autonomy Keyview Viewer SDK 10.9
Autonomy Keyview Viewer SDK 10.10
Autonomy Keyview Viewer SDK 10.11
Symantec Data Loss Prevention Detection Servers for Windows 10.5
Symantec Data Loss Prevention Detection Servers for Linux 10.5
Symantec Data Loss Prevention Endpoint Agents 10.5
Symantec Mail Security for Microsoft Exchange 6.0.6
IBM Lotus Notes 6.5.5 FP3
IBM Lotus Notes 6.5.6
IBM Lotus Notes 7.0.2 FP1
IBM Lotus Notes 8.0
IBM Lotus Notes 8.5.1
IBM Lotus Notes 7.0.2 FP2
Autonomy Keyview IDOL 10
Symantec Message Gateway 9.5
Symantec Data Loss Prevention Agent Server 10.0
Symantec Mail Security for Microsoft Exchange 6.0.7
Symantec Mail Security for Microsoft Exchange 6.0.0
IBM Lotus Notes 7.0.3
IBM Lotus Notes 6.5.6 FP2
Symantec Mail Security for Microsoft Exchange 6.0.0.1
IBM Lotus Notes 8.5
Symantec Mail Security for Microsoft Exchange 6.0.11
Symantec Mail Security for Domino 8.0.6
Symantec Messaging Gateway 9.5
Symantec Brightmail Gateway 9.5
Autonomy Keyview Filter SDK 10.11
IBM Lotus Notes 6.5.3
Symantec Mail Security for Microsoft Exchange 6.5.1
Symantec Brightmail Gateway 9.0.2
Autonomy Keyview Viewer SDK 10.8
Symantec Data Loss Prevention Detection Servers for Linux 10.5.1
Symantec Mail Security for Microsoft Exchange 6.0.5

HTTP:STC:DL:MAL-WMV-MEDIA - HTTP: Windows Media Player Malformed Media Player File Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Media Player. A successful attack can result in arbitrary code execution with the privileges of the targeted user.

Supported On:

References:

cve: CVE-2010-2745
bugtraq: 43772

Affected Products:

Microsoft Windows Media Player 9.0
Avaya CallPilot
Microsoft Windows Media Player 12
Avaya Meeting Exchange - Webportal
Avaya Meeting Exchange - Web Conferencing Server
Microsoft Windows Media Player 11
Microsoft Windows Media Player 10.0
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Messaging Application Server
Avaya Aura Conferencing Standard
Avaya Communication Server 1000 Telephony Manager

HTTP:STC:IE:CVE-2013-3873-MC - HTTP: Microsoft Internet Explorer CVE-2013-3873 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-3873

Affected Products:

microsoft internet_explorer 10

SMTP:DOS:CLAM-TNEF-DOS - SMTP: Clam AntiVirus TNEF Processor Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Clam AntiVirus. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2005-3500
bugtraq: 15316

Affected Products:

Clam Anti-Virus ClamAV 0.65.0
Debian Linux 3.0.0 Alpha
Debian Linux 3.0.0 Arm
Debian Linux 3.0.0 Ia-32
Debian Linux 3.0.0 Ia-64
Debian Linux 3.0.0 Hppa
Debian Linux 3.0.0 M68k
Debian Linux 3.0.0 Mips
Debian Linux 3.0.0 Mipsel
Debian Linux 3.0.0 Ppc
Debian Linux 3.0.0 S/390
Debian Linux 3.0.0 Sparc
Clam Anti-Virus ClamAV 0.87.0 -1
Debian Linux 3.0.0
Clam Anti-Virus ClamAV 0.70.0
Clam Anti-Virus ClamAV 0.80.0 Rc1
Clam Anti-Virus ClamAV 0.80.0 Rc2
Clam Anti-Virus ClamAV 0.68.0 -1
Clam Anti-Virus ClamAV 0.80.0 Rc4
Clam Anti-Virus ClamAV 0.60.0
Clam Anti-Virus ClamAV 0.54.0
Clam Anti-Virus ClamAV 0.53.0
Clam Anti-Virus ClamAV 0.67.0
Clam Anti-Virus ClamAV 0.51.0
Clam Anti-Virus ClamAV 0.80.0 Rc3
Mandriva Linux Mandrake 2006.0.0 X86 64
Mandriva Corporate Server 3.0.0
Mandriva Corporate Server 3.0.0 X86 64
Clam Anti-Virus ClamAV 0.80.0
Clam Anti-Virus ClamAV 0.86.0
Clam Anti-Virus ClamAV 0.81.0
Clam Anti-Virus ClamAV 0.84.0
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85.0
Clam Anti-Virus ClamAV 0.84.0 Rc2
Clam Anti-Virus ClamAV 0.84.0 Rc1
Mandriva Linux Mandrake 10.1.0
Mandriva Linux Mandrake 10.1.0 X86 64
Clam Anti-Virus ClamAV 0.83.0
Mandriva Linux Mandrake 2006.0.0
Clam Anti-Virus ClamAV 0.52.0
Clam Anti-Virus ClamAV 0.82.0
Clam Anti-Virus ClamAV 0.86.2
Debian Linux 3.1.0 Amd64
Debian Linux 3.1.0
Debian Linux 3.1.0 Alpha
Debian Linux 3.1.0 Arm
Debian Linux 3.1.0 Hppa
Debian Linux 3.1.0 Ia-32
Debian Linux 3.1.0 Ia-64
Debian Linux 3.1.0 M68k
Debian Linux 3.1.0 Mips
Debian Linux 3.1.0 Mipsel
Debian Linux 3.1.0 Ppc
Debian Linux 3.1.0 S/390
Clam Anti-Virus ClamAV 0.87.0
Clam Anti-Virus ClamAV 0.68.0
Clam Anti-Virus ClamAV 0.86.0 .1
Mandriva Linux Mandrake 10.2.0
Mandriva Linux Mandrake 10.2.0 X86 64
Debian Linux 3.1.0 Sparc
Clam Anti-Virus ClamAV 0.75.1
Conectiva Linux 10.0.0

SMTP:OUTLOOK:MIME-PARSE-UAF - SMTP: Microsoft Outlook MIME Email Message Parsing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-3870

Affected Products:

microsoft outlook 2007 (sp3)
microsoft outlook 2010 (sp1:~~~x86~~)
microsoft outlook 2010 (sp2:~~~x86~~)
microsoft outlook 2010 (sp2:~~~x64~~)
microsoft outlook 2010 (sp1:~~~x64~~)

SMTP:OUTLOOK:TNEF-INT-OF - SMTP: TNEF Integer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against the message decoder in Microsoft Outlook. Attackers can craft rich-text messages containing malformed TNEF data, which can lead to a denial of service to the Outlook client.

Supported On:

References:

cve: CVE-2005-0556
cve: CVE-2005-0557
cve: CVE-2006-0002
bugtraq: 16197

HTTP:STC:DL:DOT-NET-INFO-DISC - HTTP: Microsoft .NET Framework WinForms Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework WinForms. A successful attack can lead to unauthorized information disclosure.

Supported On:

References:

cve: CVE-2013-0001
bugtraq: 57124

Affected Products:

microsoft .net_framework 1.0 (sp3)
microsoft .net_framework 1.1 (sp1)
microsoft .net_framework 2.0 (sp2)
microsoft .net_framework 4.0
microsoft .net_framework 3.5.1
microsoft .net_framework 4.5
microsoft .net_framework 3.5

POP3:IBM-NOTES-PNG-OVF - POP3: IBM Notes PNG Image Parsing Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Notes. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 59693
cve: CVE-2013-2977

Affected Products:

ibm lotus_notes 8.5.0.1
ibm lotus_notes 8.5.3.1
ibm lotus_notes 8.5.3
ibm lotus_notes 8.5.1.1
ibm lotus_notes 8.5.2.0
ibm lotus_notes 8.5.0.0
ibm lotus_notes 8.5.1.2
ibm lotus_notes 8.5.3.2
ibm lotus_notes 9.0.0.0
ibm lotus_notes 8.5.2.3
ibm lotus_notes 8.5.1.3
ibm lotus_notes 8.5.3.3
ibm lotus_notes 8.5.1
ibm lotus_notes 8.5.3.4
ibm lotus_notes 8.5.2.2
ibm lotus_notes 8.5.1.4
ibm lotus_notes 8.5
ibm lotus_notes 8.5.1.0
ibm lotus_notes 8.5.2.1
ibm lotus_notes 8.5.1.5

HTTP:STC:WINDOWS-FAX-COVER - HTTP: Microsoft Windows Fax Services Cover Page Editor Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known heap buffer overflow vulnerability in Microsoft Windows Fax Services. It is due to insufficient validation of a drawing object data while parsing Microsoft Fax cover page files. Remote attackers can exploit this by enticing the target user to open a specially crafted Fax cover page file. A successful attack can result in execution of arbitrary code within the security context of the currently logged in user. An unsuccessful attempt terminates the affected application abnormally.

Supported On:

HTTP:INFO-LEAK:HTTP-VERSION-NT - HTTP: Version Not Implemented

Severity: INFO

Description:

This is for HTTP version 2.0. As of now this protocol decoder is not implemented. So if we see any HTTP traffic with version as 2.0, this anomaly will be raised.

Supported On:

Supported On:

References:

cve: CVE-2010-3235
bugtraq: 43650

Affected Products:

Microsoft Excel 2002
Microsoft Excel 2002 SP1
Microsoft Excel 2002 SP2
Microsoft Excel 2002 SP3

HTTP:INVALID:GZIP-TRANSACTION - HTTP: Invalid GZIP Transaction

Severity: MEDIUM

Description:

This anomaly is triggered if a mismatch is detected between the indicated value "gzip" in the Content-encoding header and the actual data. The type of payload should start from the pattern "1f 8b" and if it doesn't, it may be an attempt by malware to obfuscate the payload and it will be detected by this anomaly.

Supported On:

SMTP:DOS:MS-MALWARE-ENGINE - SMTP: Microsoft Malware Protection Engine File Processing Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Malware Protection Engine. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2008-1437
bugtraq: 29060

Affected Products:

Microsoft Windows Defender
Microsoft Windows Live OneCare
Microsoft Forefront Security for Exchange Server 1.0
Microsoft Forefront Security for SharePoint Server 1.0
Microsoft Windows Defender x64 Edition
Microsoft Antigen for Exchange 9
Microsoft Antigen for SMTP Gateway 9
Microsoft Forefront Client Security
Microsoft Standalone System Sweeper

HTTP:STC:MOZILLA:QUERYINT-OF - HTTP: Metasploit Firefox QueryInterface Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox browser. Firefox 1.5 is affected. Attackers using Metasploit Framework can exploit this vulnerability leading to arbitrary code execution.

Supported On:

DI-Client, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2006-0295
url: http://www.frsirt.com/exploits/20060208.firefox_queryinterface_mac.pm.php
bugtraq: 16476
url: http://www.mozilla.org/security/announce/mfsa2006-04.html

Affected Products:

Mozilla Browser 1.3.1
Red Hat Linux 7.3.0 I686
Mozilla Browser 1.4.0 B
Mozilla Thunderbird 1.5.0
Mozilla Thunderbird 0.9.0
Mozilla Thunderbird 1.0.0
Mozilla Browser 1.7.8
Red Hat Enterprise Linux ES 3
Mozilla Firefox 1.0.3
Mozilla Browser 1.7.7
Mozilla Thunderbird 1.0.5
Mozilla Firefox 1.0.2
Mozilla Browser 0.9.35
Mozilla Browser 0.9.48
Mozilla Browser 1.5.0
Red Hat Fedora Core1
Red Hat Desktop 3.0.0
Mozilla Browser 1.7.0 Rc1
Mozilla Browser 1.7.0 Beta
Mozilla Browser 1.7.0 Alpha
Mozilla Browser 1.5.1
SuSE Linux Professional 10.0.0 OSS
SuSE Linux Personal 10.0.0 OSS
Ubuntu Ubuntu Linux 5.0.0 4 Amd64
Mozilla Browser 0.9.7
Mozilla Browser 0.9.5
Mozilla Browser 0.9.4 .1
Mozilla Browser 0.9.4
Mozilla Browser 0.9.3
Mozilla Browser 0.9.2 .1
Mozilla Browser 0.9.2
Red Hat Desktop 4.0.0
SuSE Linux Personal 9.3.0 X86 64
Mozilla Firefox 1.5.0
HP HP-UX B.11.31
Mozilla Thunderbird 1.0.7
SGI ProPack 3.0.0 SP6
Red Hat Enterprise Linux WS 2.1 IA64
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux ES 2.1 IA64
Mozilla Browser 1.4.0
Sun Solaris 9 Sparc
Mozilla Browser 1.1.0 Alpha
Mozilla Browser 1.0.0
SuSE Linux Personal 9.2.0 X86 64
SuSE Linux Personal 9.1.0
Mozilla Browser 1.2.0 Alpha
Mozilla Thunderbird 1.0.6
Sun Solaris 9 X86 Update 2
Mozilla Browser 1.2.1
Mozilla Browser 1.3.0
Red Hat Linux 7.3.0
Red Hat Linux 7.3.0 I386
Mozilla Browser 1.4.2
Red Hat Linux 9.0.0 I386
Mozilla Browser 0.8.0
Mozilla Firefox 0.10.1
Mozilla Firefox 1.0.6
Mozilla Browser 1.2.0 Beta
Mozilla Browser 1.0.1
Debian Linux 3.1.0 Ppc
Mozilla Firefox 1.0.0
Mozilla Browser 1.4.4
Mozilla Browser 1.7.3
Mozilla Thunderbird 0.8.0
Mozilla Firefox Preview Release
Mandriva Linux Mandrake 2006.0.0
Mandriva Linux Mandrake 2006.0.0 X86 64
Mozilla Firefox 1.5.0 Beta 2
Mozilla Browser 1.1.0
Red Hat Enterprise Linux AS 2.1
Debian Linux 3.1.0 Amd64
HP HP-UX B.11.11
Debian Linux 3.1.0 Alpha
Debian Linux 3.1.0 Arm
HP HP-UX B.11.00
Debian Linux 3.1.0 Ia-32
Debian Linux 3.1.0 Ia-64
Ubuntu Ubuntu Linux 4.1.0 Ppc
Debian Linux 3.1.0 Mips
Debian Linux 3.1.0 Mipsel
HP HP-UX B.11.23
Debian Linux 3.1.0 S/390
Debian Linux 3.1.0 Sparc
Mozilla Firefox 0.10.0
Mozilla Browser 1.7.11
Mozilla Firefox 1.5.0 Beta 1
Mozilla Firefox 1.0.1
Mozilla Browser 1.7.12
Red Hat Fedora Core4
Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
Mozilla Browser 1.7.6
Red Hat Enterprise Linux AS 3
Sun Solaris 10 X86
Red Hat Enterprise Linux WS 3
Mozilla Thunderbird 1.0.1
Mozilla Browser 0.9.8
Mozilla Browser 1.2.0
Sun Solaris 8 Sparc
Sun Solaris 8 X86
Mozilla Browser 1.7.10
Red Hat Enterprise Linux ES 2.1
SuSE Linux Personal 9.3.0
Mozilla Browser 1.0.2
Red Hat Enterprise Linux WS 2.1
Red Hat Fedora Core3
SuSE Linux Professional 9.1.0
SuSE Linux Professional 9.2.0
SuSE Linux Professional 9.3.0
SuSE Linux Professional 9.3.0 X86 64
SuSE Linux Professional 9.2.0 X86 64
SuSE Linux Professional 9.1.0 X86 64
Debian Linux 3.1.0 Hppa
Mozilla Browser 1.4.1
Ubuntu Ubuntu Linux 4.1.0 Ia64
Mandriva Corporate Server 3.0.0
Ubuntu Ubuntu Linux 4.1.0 Ia32
Debian Linux 3.1.0 M68k
Mozilla Browser 1.7.2
Mozilla Firefox 0.9.3
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.6.0
Mozilla Browser 1.7.0
Gentoo Linux
Mozilla Browser 1.7.0 Rc2
Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
Ubuntu Ubuntu Linux 5.0.0 4 I386
Mozilla Browser 1.7.1
Mozilla Firefox 0.9.2
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.0
Mozilla Firefox 1.0.7
Sun Java Desktop System (JDS) 2.0.0
Mozilla SeaMonkey 1.0 Dev
Mozilla Firefox 0.9.0
Mozilla Firefox 0.9.1
Mozilla Browser 1.1.0 Beta
Mozilla Browser 0.9.9
Mozilla Browser 1.0.0 RC1
Mozilla Thunderbird 1.5.0 Beta 2
Red Hat Advanced Workstation for the Itanium Processor 2.1.0
Ubuntu Ubuntu Linux 5.10.0 Amd64
Sun Solaris 9 X86
Ubuntu Ubuntu Linux 5.10.0 Powerpc
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
Debian Linux 3.1.0
Mozilla Browser 1.7.9
Mozilla Firefox 1.0.5
Mozilla Browser 1.7.4
Mozilla Browser 1.7.5
Mozilla Thunderbird 0.7.1
Ubuntu Ubuntu Linux 5.10.0 I386
SuSE Linux Personal 9.1.0 X86 64
Mozilla Browser 0.9.6
Mandriva Corporate Server 3.0.0 X86 64
Mozilla Firefox 0.8.0
SuSE Linux Personal 9.2.0
SuSE Linux Professional 10.0.0
Red Hat Fedora Core2
Mozilla Browser 1.0.0 RC2
Mozilla Browser 1.6.0
Mozilla Browser 1.7.0 Rc3
Mozilla Firefox 0.9.0 Rc
Mozilla Firefox 1.0.4
Mozilla Browser 1.4.0 A
Mozilla Thunderbird 1.0.2

APP:NOVELL:GROUPWISE-ADDRESSBK - APP: Novell GroupWise Addressbook Parsing Integer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability has been identified in Novell Groupware Client. The vulnerability is due to an integer overflow while parsing Novell Address Book files. An attacker can exploit this vulnerability by enticing a user to open a malformed Novell Address Book (.nab) file containing an overly long token. A successful attack would lead to injection and execution of arbitrary code in the security context of the target user. If the code execution attempt does not succeed, the application may terminate abnormally.

Supported On:

References:

cve: CVE-2012-0418

Affected Products:

novell groupwise 8.01 (hp)
novell groupwise 8.00 (hp3)
novell groupwise 8.02 (hp1)
novell groupwise 2012
novell groupwise 8.0
novell groupwise 8.00 (hp1)
novell groupwise 8.00 (hp2)
novell groupwise 8.02 (hp3)
novell groupwise 8.02 (hp2)

HTTP:STC:MICROSOFT-GDI-TIFF-RCE - HTTP: Multiple Microsoft Products TIFF Image Parsing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against multiple Microsoft products. The issue is due to incorrect parsing of certain TIFF image files by Microsoft Graphics Component module GDI+. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 63530
bugtraq: 63530
cve: CVE-2013-3906

Affected Products:

microsoft office 2010 (sp2:x64)
microsoft office 2010 (sp2:x86)
microsoft office 2010 (sp1:x86)
microsoft windows_vista (sp2:x64)
microsoft lync 2013 (-:x86)
microsoft lync 2010 (:x64)
microsoft office 2010 (sp1:x64)
microsoft lync 2013 (-:x64)
microsoft windows_server_2008 (sp2:x86)
microsoft windows_server_2008 (sp2:itanium)
microsoft lync 2010 (:x86)
microsoft office 2003 (sp3)
microsoft lync_basic 2013 (-:x86)
microsoft windows_server_2008 (sp2:x64)
microsoft lync_basic 2013 (-:x64)
microsoft lync 2010 (:attendee)
microsoft office 2007 (sp3)

HTTP:STC:IE:HTML-RELOAD-CORRUPT - HTTP: Microsoft Internet Explorer 7 HTML Object Memory Corruption

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

bugtraq: 23770
cve: CVE-2007-0946
cve: CVE-2007-0947

Affected Products:

HP Storage Management Appliance 2.1
Microsoft Internet Explorer 7.0
Avaya Agent Access
Avaya CMS Supervisor
Avaya Computer Telephony
Avaya Contact Center Express
Avaya Messaging Application Server
Avaya Basic Call Management System Reporting Desktop
Avaya Basic Call Management System Reporting Desktop server
Avaya Enterprise Management
Avaya Interaction Center
Avaya Interaction Center - Voice Quick Start
Avaya Messaging Application Server MM 3.1
Avaya IP Softphone
Avaya OctelAccess(r) Server
Avaya Network Reporting
Avaya Modular Messaging (MSS) 2.0.0
Avaya Outbound Contact Management
Avaya Speech Access
Avaya Unified Messenger (r)
Avaya Visual Messenger TM
Avaya Visual Vector Client
Avaya VPNmanagerTM Console
Avaya Web Messenger
Nortel Networks CallPilot 703T
Nortel Networks Contact Center Manager Server
Nortel Networks CallPilot 201I
Avaya Unified Communication Center
Nortel Networks Contact Center
Microsoft Internet Explorer 7.0.5730.11
Nortel Networks CallPilot 702T
Avaya Integrated Management 2.1.0
Avaya Messaging Application Server MM 3.0
Nortel Networks CallPilot 1002Rp
Avaya Unified Communications Center S3400
Avaya Modular Messaging (MAS)
Avaya Modular Messaging (MAS) 3.0.0
Avaya IP Agent
Nortel Networks Contact Center Express
Nortel Networks Contact Center Multimedia
Nortel Networks Contact Center Web Client
Nortel Networks Contact Center Manager
Microsoft Internet Explorer 7.0 Beta2
Avaya Customer Interaction Express (CIE) User Interface 1.0
Microsoft Internet Explorer 7.0 Beta3
Avaya Modular Messaging (MSS) 1.1.0
Avaya Modular Messaging (MSS) 2.0.0 SP4
Nortel Networks Symposium Agent
Nortel Networks Contact Center Administration
Avaya Operational Analyst
Nortel Networks CallPilot 200I
Microsoft Internet Explorer 7.0 Beta1
Nortel Networks Centrex IP Client Manager
Avaya CVLAN
Avaya Integrated Management
Avaya OctelDesignerTM
Avaya Modular Messaging S3400
Avaya Messaging Application Server MM 2.0

APP:ZLIB-COMPRES-LIB-DOS - APP: Zlib Compression Library Denial Of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Zlib Compression Library. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2004-0797
bugtraq: 11051

Affected Products:

SCO Open Server 5.0.7
OpenBSD -Current
SuSE Linux Personal 9.1.0
OpenPKG 2.0.0
Mandriva Linux Mandrake 10.0.0 amd64
OpenBSD 3.5
OpenPKG 2.3.0
SCO Unixware 7.1.0
SCO Unixware 7.0.1
SCO Unixware 7.0.0
Trustix Secure Linux 2.2.0
SCO Open Server 5.0.6
SuSE SUSE Linux Enterprise Server 9
Trustix Secure Linux 3.0.0
Mandriva Linux Mandrake 10.0.0
OpenPKG 2.1.0
Trustix Secure Enterprise Linux 2.0.0
SCO Open Server 6.0.0
SCO Unixware 7.1.4
libpng 1.0.16
Red Hat Fedora Core2
FileZilla FileZilla Server 0.7.0
FileZilla FileZilla Server 0.7.1
zlib 1.2.0 .0.7
MacSSH 2.1.0 fc3
MacSFTP 1.0.6
Avaya Intuity R5 R5.1.46
zlib 1.2.1
SCO Unixware 7.1.1
OpenPKG Current
SCO Unixware 7.1.3 up
SCO Unixware 7.1.2
SCO Unixware 7.1.3
SCO Open Server 5.0.6 a
libpng libpng3 1.2.6
OpenPKG 2.2.0
CVS 1.12.12

POP3:DOS:ULTRAISO-CUE-BO - POP3: UltraISO Cue File Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the UltraISO. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 24140
cve: CVE-2007-2888

Affected Products:

EZB Systems UltraISO 8.5.1.1860
EZB Systems UltraISO 8.6.2.2011

POP3:APPLE-ICAL-PARAM-BO - POP3: Apple iCal Trigger and Count Parameters Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Apple iCal version 3.0.1 on Mac OS X. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2008-2006
bugtraq: 28632
bugtraq: 28629

Affected Products:

Apple iCal 3.0.1

HTTP:STC:DL:MSSQL-BACKUP-MEM - HTTP: Microsoft SQL Server Backup Restoring Memory Corruption

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SQL Server. A successful attack can lead to privilege escalation and arbitrary code execution.

Supported On:

References:

cve: CVE-2008-0085
cve: CVE-2008-0107
bugtraq: 30119

Affected Products:

Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Datacenter Server SP3
Microsoft SQL Server 7.0 SP4
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Server SP1
Microsoft SQL Server 2000 SP1
Microsoft SQL Server 2000 SP4
VMWare VirtualCenter 2.5 Update 4
Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2005 SP1
Microsoft SQL Server 7.0 SP1
Microsoft SQL Server 7.0 SP2
Microsoft SQL Server 2000 Itanium Edition SP4
Microsoft Windows 2000 Professional
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Express Edition SP2
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
VMWare vCenter 4.0
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
VMWare VirtualCenter 2.5 Update 1
VMWare VirtualCenter 2.5 Update 2
Microsoft Windows Internal Database (WYukon) x64 SP2
Microsoft SQL Server 2000 Itanium Edition
Microsoft SQL Server 2000 Itanium Edition SP1
Microsoft SQL Server 2000 Itanium Edition SP2
Microsoft SQL Server 2000 Itanium Edition SP3
Microsoft SQL Server 2000 Desktop Engine SP3
Microsoft SQL Server 2000 Desktop Engine SP2
Microsoft SQL Server 2000 Desktop Engine SP1
Microsoft Data Engine (MSDE) 1.0 SP3
Microsoft Data Engine (MSDE) 1.0 SP2
Microsoft Windows 2000 Server
Microsoft Windows Internal Database (WYukon) SP1
VMWare Vcenter Update Manager 4.0
Microsoft Windows Internal Database (WYukon) x64 SP1
VMWare VirtualCenter 2.5 Update 5
Microsoft Data Engine (MSDE) 1.0 SP4
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 7.0
Microsoft Data Engine (MSDE) 1.0 SP1
VMWare vCenter 4.1
VMWare Vcenter Update Manager 1.0
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Internal Database (WYukon)
Microsoft Windows Server 2003 SP2
VMWare VirtualCenter 2.5 Update 6
VMWare Vcenter Update Manager 4.1
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows Internal Database (WYukon) x64
Microsoft SQL Server 2005 Express Edition SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP4
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1
Microsoft Windows 2000 Server SP4
VMWare VirtualCenter 2.5.Update 3 Build 11983
VMWare VirtualCenter 2.5
Microsoft SQL Server 2000 Desktop Engine SP4
Microsoft SQL Server 2000 Desktop Engine
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft SQL Server 2000
Microsoft SQL Server 7.0 SP3
Microsoft SQL Server 2005 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft SQL Server 2000 SP2
Microsoft Windows Internal Database (WYukon) SP2

POP3:APPLE-ICAL-ATTACH-DOS - POP3: Apple iCal ATTACH Parameter Denial Of Service

Severity: MEDIUM

Description:

Supported On:

References:

cve: CVE-2008-1035
bugtraq: 28633

Affected Products:

Apple iCal 3.0.1

HTTP:STC:DL:SEARCHMS-EXEC - HTTP: Microsoft Windows Explorer Search-ms File Parsing Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2008-1435
bugtraq: 30109

Affected Products:

Microsoft Windows Vista Enterprise 64-bit edition
Microsoft Windows Vista SP1
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Enterprise 64-bit edition SP1
Avaya Messaging Application Server
Microsoft Windows Vista Home Basic 64-bit edition SP1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Avaya Messaging Application Server MM 1.1
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Home Basic
Microsoft Windows Server 2008 Standard Edition Release Candidate
Microsoft Windows Server 2008 Enterprise Edition Release Candidate
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Home Basic 64-bit edition
Microsoft Windows Vista Home Premium 64-bit edition
Microsoft Windows Vista Ultimate 64-bit edition
Microsoft Windows Vista
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Datacenter Edition Release Candidate
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems
Avaya Messaging Application Server MM 2.0

SMTP:EXPLOIT:JPXDECODE-RCE - SMTP: Adobe PDF JPXDecode Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Adobe Acrobat software. Attackers can send malicious PDF files through SMTP communication channel to victims or direct them to a hostile Web server, which if the victim interacts with these files or servers, can result in remote code execution on the victim's system.

Supported On:

References:

bugtraq: 37757
cve: CVE-2009-3955

Affected Products:

Red Hat Desktop Extras 4
Red Hat Desktop Extras 3
Adobe Acrobat Professional 9
Adobe Acrobat Professional 9.1.3
Adobe Acrobat 7.0.9
Adobe Acrobat 9.1.1
Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Supplementary 5 Server
Adobe Acrobat Professional 9.1
Adobe Acrobat Standard 9.1
Adobe Acrobat Professional 8.1.4
SuSE openSUSE 11.0
Adobe Acrobat Standard 9.1.2
Adobe Acrobat Professional 8.1.6
Adobe Reader 9.1.2
Adobe Acrobat Professional 9.1.2
Adobe Acrobat Standard 8.1.6
Adobe Reader 8.1.6
Nortel Networks Self-Service MPS 500
Nortel Networks Self-Service MPS 1000
SuSE SUSE Linux Enterprise 10 SP2
Nortel Networks Self-Service Speech Server
Adobe Acrobat Standard 8.1.4
Nortel Networks CallPilot 1005R
Nortel Networks CallPilot 600R
Adobe Reader 9.1.3
SuSE SUSE Linux Enterprise Desktop 11
Nortel Networks CallPilot 703T
Adobe Reader 8.1.5
Nortel Networks CallPilot 1002Rp
Nortel Networks CallPilot 200I
Red Hat Enterprise Linux Desktop Supplementary 5 Client
Adobe Acrobat Professional 8.1.7
Nortel Networks Self-Service Peri Application
Adobe Acrobat Standard 9
Adobe Reader 8.1
Adobe Acrobat Professional 8.1
Adobe Acrobat Standard 8.1
Adobe Reader 7.0.9
Adobe Acrobat Standard 8.1.7
Adobe Reader 8.1.4
Adobe Acrobat Standard 8.1.3
Red Hat Enterprise Linux AS Extras 3
Adobe Acrobat Standard 8.1.1
Nortel Networks CallPilot 201I
Adobe Acrobat Standard 8.1.2
Adobe Acrobat Professional 8.1.2
Adobe Reader 8.1.3
Adobe Reader 9
Adobe Reader 9.2
Adobe Acrobat Professional 9.2
Adobe Acrobat Standard 9.2
Adobe Reader 8.0
Adobe Acrobat Standard 9.1.3
Adobe Acrobat Standard 8.0
Adobe Reader 8.1.7
Adobe Acrobat Professional 8.1.3
Red Hat Enterprise Linux ES Extras 3
Adobe Reader 9.1.1
Adobe Acrobat Professional 8.0
Adobe Reader 9.1
Red Hat Enterprise Linux WS Extras 4
Adobe Reader 6.0.1
SuSE SUSE Linux Enterprise 10 SP3
Adobe Acrobat 6.0.1
Red Hat Enterprise Linux ES Extras 4
SuSE openSUSE 11.2
Nortel Networks Self-Service Media Processing Server
SuSE openSUSE 11.1
Adobe Reader 8.1.1
Adobe Acrobat Professional 8.1.1
Red Hat Enterprise Linux WS Extras 3
Adobe Acrobat 9.2
Adobe Reader 8.1.2
Red Hat Enterprise Linux AS Extras 4

HTTP:STC:DL:CISCO-FORMAT-PLY-MC - HTTP: Cisco WebEx Recording Format Player atas32.dll Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Cisco WebEx Recording Format Player. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2012-3939

Affected Products:

cisco webex_recording_format_player 28.0.0
cisco webex_recording_format_player 27.21.10
cisco webex_recording_format_player 27.32.1
cisco webex_recording_format_player 27.25.10
cisco webex_recording_format_player 27.11.26

HTTP:STC:ADOBE:MAL-BMP - HTTP: Adobe Acrobat/Reader PDF Malformed Bitmap Image File (BMP)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Adobe Acrobat and Adobe Reader PDF format. It involves the inclusion of an embedded Universal 3D object with an externally-referenced, malformed BMP texture. This signature detects a malformed BMP. A successful attack can result in arbitrary code execution as the user.

Supported On:

References:

cve: CVE-2011-0599
bugtraq: 46220

Affected Products:

Red Hat Desktop Extras 4
Adobe Acrobat 9.3.4
Red Hat Enterprise Linux Supplementary 5 Server
Red Hat Enterprise Linux Desktop Supplementary 6
Adobe Reader 9.1.2
Red Hat Enterprise Linux Workstation Supplementary 6
Adobe Acrobat Professional 8.1.6
Adobe Acrobat Professional 9.1.2
Adobe Acrobat Standard 8.1.6
Adobe Reader 8.1.6
Adobe Acrobat Professional 9.2
Adobe Acrobat 9.3.4
Adobe Reader 9.2
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 8.2
Adobe Acrobat Standard 8.2
Adobe Acrobat Standard 9.3
Adobe Acrobat 9.3
Adobe Reader 9.3
Adobe Acrobat Professional 9.3
Adobe Reader 8.2
Adobe Acrobat Professional 8.1.3
Adobe Reader 8.1.3
Adobe Reader 9
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 9.2
Adobe Reader 8.0
Adobe Acrobat Professional 8.1.7
Adobe Acrobat Standard 8.0
Adobe Reader 8.1.7
Adobe Acrobat Standard 8.1.7
Adobe Acrobat 9.3.3
Adobe Acrobat 9.4.1
Adobe Acrobat Professional 9.4.1
Adobe Acrobat Standard 9.4.1
Adobe Reader 9.4.1
Adobe Reader 9.3.2
Adobe Acrobat Standard 9.3.2
Adobe Acrobat Professional 9.3.2
Adobe Acrobat 9.3.2
Adobe Acrobat 8.2.2
Adobe Acrobat Professional 8.2.2
Adobe Acrobat Standard 8.2.2
Adobe Reader 8.2.2
Adobe Acrobat 8.2.4
Adobe Acrobat 8.2.5
Adobe Acrobat Professional 8.2.5
Adobe Acrobat Standard 8.2.5
Adobe Reader 8.2.5
Adobe Reader 9.4
Red Hat Enterprise Linux Server Supplementary 6
Adobe Acrobat Standard 9.1.2
Adobe Acrobat 9.1.1
SuSE SUSE Linux Enterprise Desktop 10 SP3
Adobe Acrobat Standard 9.3.4
Adobe Acrobat Professional 9.3.4
Adobe Reader 9.3.4
Adobe Reader 8.2.4
Adobe Acrobat Standard 9.3.4
Adobe Acrobat Professional 8.2.4
Adobe Acrobat Professional 8.1.2
Adobe Reader 9.1
Adobe Acrobat Professional 9.1
Adobe Acrobat Standard 9.1
Adobe Reader 9.3.3
Adobe Acrobat 9.3.3
Adobe Acrobat Professional 9.3.3
Adobe Acrobat Standard 9.3.3
Adobe Reader 9.3.1
Adobe Reader 8.2.1
Adobe Acrobat Standard 8.2.1
Adobe Acrobat Professional 8.2.1
Adobe Acrobat Professional 9.3.1
Adobe Acrobat Standard 9.3.1
Adobe Acrobat Professional 9 Extended
Adobe Reader 8.1.5
Adobe Reader 9.1.1
Red Hat Enterprise Linux Desktop Supplementary 5 Client
SuSE SUSE Linux Enterprise Desktop 11 SP1
Adobe Reader 8.2.3
Adobe Acrobat 8.2.3
Adobe Reader 9.1.3
Adobe Acrobat Professional 9.1.3
Adobe Acrobat Standard 9.1.3
Gentoo Linux
Adobe Acrobat 8.1.5
Adobe Reader 8.1.1
Adobe Acrobat Professional 8.1.1
Adobe Reader 8.1.2
Red Hat Enterprise Linux Extras 4
Adobe Reader 8.1.2 Security Update 1
Adobe Acrobat Professional 8.1.2 Security Update 1
Adobe Acrobat Standard 8.2.4
Adobe Reader 9.3.4
Adobe Reader 8.1
Adobe Acrobat Professional 8.1
Adobe Acrobat Standard 8.1
Adobe Reader 8.1.4
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Standard 8.1.4
Adobe Acrobat Standard 9.4
Adobe Acrobat Professional 9.4
Adobe Acrobat 9.4
Adobe Acrobat Standard 8.1.1
Adobe Acrobat Standard 8.1.2
SuSE openSUSE 11.3
SuSE openSUSE 11.2
Adobe Acrobat Professional 9
Adobe Acrobat 9.3.1
Adobe Acrobat 9.2
Adobe Acrobat 10.0
Adobe Acrobat Professional 10.0
Adobe Acrobat Standard 10.0
Adobe Reader 10.0
Red Hat Enterprise Linux WS Extras 4
Red Hat Enterprise Linux ES Extras 4
Red Hat Enterprise Linux AS Extras 4

HTTP:STC:DL:OFFICE-VBA-UAF - HTTP: Microsoft Office VBA Module Stream Use after Free

Severity: HIGH

Description:

A use-after-free vulnerability has been identified in Microsoft Excel. The vulnerability can be exploited by enticing a user to open a crafted file and perform certain actions. If exploited successfully, the vulnerability could possibly permit execution of arbitrary code in the security context of the target user. At the time of writing no patch or advisory regarding this vulnerability was available from Microsoft.

Supported On:

SMTP:OVERFLOW:APPLE-PICT-MC - SMTP: Apple QuickDraw PICT Images ARGB Records Handling Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple Quickdraw. A successful attack can lead to a arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2007-0462
bugtraq: 22207

Affected Products:

Apple Mac OS X 10.4.8
Apple Mac OS X Server 10.4.8

HTTP:OVERFLOW:XNVIEW-IMAGE-FILE - HTTP: XnView Multiple Image Files Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the XnView Multiple Image Files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.

Supported On:

SMTP:EXPLOIT:AVI-RIGHT-CLICK - SMTP: Windows AVI Right Click DOS

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2007-0562

Affected Products:

microsoft windows_explorer 6.00.2900.2180

SMTP:OVERFLOW:MS-WMF-OF - SMTP: Microsoft Windows MetaFile AttemptWrite Function Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Windows MetaFile (WMF). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted user.

Supported On:

References:

cve: CVE-2007-3034
bugtraq: 25302

Affected Products:

Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows XP Home
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Professional
Avaya Messaging Application Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
Avaya Messaging Application Server MM 3.1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Advanced Server
HP Storage Management Appliance 2.1
Avaya Messaging Application Server MM 1.1
Microsoft Windows Server 2003 Itanium
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional SP1
Microsoft Windows Server 2003 SP1
Microsoft Windows XP Professional x64 Edition
Avaya Customer Interaction Express (CIE) Server 1.0
Avaya Customer Interaction Express (CIE) User Interface 1.0
Microsoft Windows Server 2003 Datacenter Edition SP1
Avaya Messaging Application Server MM 2.0
Microsoft Windows XP Gold
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server SP2
Avaya Customer Interaction Express (CIE) User Interface 1.0.2
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium
HP Storage Management Appliance I
HP Storage Management Appliance II
HP Storage Management Appliance III
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Avaya Messaging Application Server MM 3.0
Microsoft Windows XP

HTTP:STC:DL:WORD-CLSID - HTTP: Microsoft Word Dangerous Embedded ClassID

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Word. A successful attack can lead to memory corruption and possibly arbitrary code execution.

Supported On:

References:

cve: CVE-2010-3329
bugtraq: 43706

Affected Products:

Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server 4
Avaya Aura Conferencing 6.0 Standard
Avaya Messaging Application Server
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 7.0
Avaya Aura Conferencing Standard
Microsoft Internet Explorer 8
Avaya Messaging Application Server 5
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya CallPilot
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Avaya Communication Server 1000 Telephony Manager
Avaya Messaging Application Server MM 3.0

HTTP:STC:IE:OBJECTS-MC - HTTP: Microsoft Internet Explorer Objects Handling Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Explorer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

cve: CVE-2008-2254
bugtraq: 30614

Affected Products:

Microsoft Internet Explorer 6.0
HP Storage Management Appliance 2.1
Microsoft Internet Explorer 7.0
Nortel Networks Contact Center NCC
Avaya Messaging Application Server
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Nortel Networks Self-Service Peri Workstation
Nortel Networks Self-Service MPS 100
Nortel Networks Self-Service MPS 500
Nortel Networks Self-Service MPS 1000
Nortel Networks Self-Service Speech Server
Microsoft Internet Explorer 6.0 SP1
Nortel Networks CallPilot 703T
Nortel Networks Contact Center Manager Server
Nortel Networks CallPilot 201I
Nortel Networks CallPilot 200I
Nortel Networks Contact Center
Nortel Networks Self-Service
Nortel Networks CallPilot 702T
Nortel Networks Self-Service Peri Application
Avaya Messaging Application Server MM 1.1
Nortel Networks Contact Center Express
Nortel Networks Contact Center Manager
Avaya Messaging Application Server MM 2.0
Nortel Networks CallPilot 1002Rp
Nortel Networks Contact Center Administration
Nortel Networks Enterprise VoIP TM-CS1000
HP Storage Management Appliance I
HP Storage Management Appliance II
HP Storage Management Appliance III
Nortel Networks Self-Service Media Processing Server

SMTP:DOS:MS-XL-2003-NULL-DOS - SMTP: Microsoft Excel 2003 NULL Pointer Dereference Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Excel 2003. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 22717
cve: CVE-2007-1239

Affected Products:

Microsoft Excel 2003 SP2
Microsoft Excel 2003 SP1
Microsoft Excel 2003

SMTP:OUTLOOK:VEVENT-MEMCORRUPT - SMTP: Microsoft Outlook iCal Meeting Request VEVENT Record Memory Corruption

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Outlook. By attaching a maliciously crafted attachment to an e-mail, an attacker can cause arbitrary code execution on the client.

Supported On:

References:

cve: CVE-2007-0033
bugtraq: 21931

Affected Products:

Microsoft Outlook 2000 SP3
Microsoft Outlook 2002 SP2
Microsoft Office XP
Microsoft Outlook 2000
Microsoft Office XP SP3
Microsoft Outlook 2002
Microsoft Office 2003 SP1
Microsoft Office 2000 SP1
Microsoft Office 2000 SP2
Microsoft Outlook 2002 SP3
Microsoft Office XP SP1
Microsoft Office 2003 SP2
Microsoft Outlook 2000 SP2
Microsoft Outlook 2003 SP2
Microsoft Outlook 2003
Microsoft Outlook 2000 SR1
Microsoft Outlook 2002 SP1
Microsoft Office 2000 SP3
Microsoft Office XP SP2
Microsoft Office 2000
Microsoft Office 2003

SMTP:EXPLOIT:MAL-AU-DOS - SMTP: Microsoft Media Player Malformed .au Divide by Zero DOS

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Media Player 11. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2007-4288
bugtraq: 25236
url: http://www.safehack.com/exp/mp/mplayer11.txt

Affected Products:

Microsoft Windows Media Player 11

SMTP:OVERFLOW:MHTML-OF - SMTP: Outlook Express MHTML Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Outlook express. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

References:

cve: CVE-2006-2766
url: http://archives.neohapsis.com/archives/bugtraq/2006-05/0695.html
url: http://www.microsoft.com/technet/security/bulletin/MS06-043.mspx
bugtraq: 18198

Affected Products:

Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Tablet PC Edition
Microsoft Windows 2000 Server SP1
Microsoft Windows XP Home SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Advanced Server
Microsoft Windows XP
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows XP Professional SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server SP2
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Media Center Edition SP1

SMTP:EXPLOIT:QT-PICT-FILE-MC - SMTP: Apple QuickTime PICT File Processing Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime PICT File. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 53584
cve: CVE-2012-0671

Affected Products:

Apple QuickTime Player 7.6.6
Apple QuickTime Player 7.6.9
Apple QuickTime Player 7.6.8
Apple QuickTime Player 7.5.5
Apple QuickTime Player 7.4
Apple QuickTime Player 7.7.1
Apple QuickTime Player 7.7
Apple QuickTime Player 7.6.5
Apple QuickTime Player 7.5
Apple QuickTime Player 7.6.1
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.4.5
Apple QuickTime Player 7.64.17.73
Apple QuickTime Player 7.6.7
Apple QuickTime Player 7.6.6 (1671)
Apple QuickTime Player 7.6.2
Apple QuickTime Player 7.6.4
Apple QuickTime Player 7.6

TROJAN:APACHE-DARKLEECH - TROJAN: Apache Web Servers Darkleech Malware Activity

Severity: CRITICAL

Description:

This signature detects Darkleech malware activity. Apache web servers infected with this malware inject malicious script content within HTML pages that redirect users to infected sites. This redirection could allow attacker to launch additional attacks.

Supported On:

References:

url: http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/

HTTP:STC:OUTLOOK:WAB-BOF - HTTP: Outlook Express Address Book Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Outlook Express when processing contacts in Windows Address Book (.WAB) file. Attackers sending a maliciously crafted .WAB file can persuade a user to execute this file, causing a buffer overflow; thus allowing arbitrary code execution in the logged-on user's contexts.

Supported On:

References:

cve: CVE-2006-0014
url: http://www.microsoft.com/technet/security/bulletin/MS06-016.mspx
bugtraq: 17459

Affected Products:

Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 SP1
Microsoft Outlook Express 5.5
Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 5.5 SP1

HTTP:STC:IE:MULTI-ACTION - HTTP: Multiple MSHTML Action Handlers

Severity: MEDIUM

Description:

This signature detects HTTP traffic containing multiple Action Handlers inside an HTML tag. Malicious Web sites can utilize this vulnerability to crash client browsers. Internet Explorer 6 is vulnerable.

Supported On:

References:

cve: CVE-2006-1245
bugtraq: 17131

Affected Products:

Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 7.0 Beta1
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 7.0 Beta2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 For Windows 95
Microsoft Internet Explorer 5.0.1 For Windows 98
Microsoft Internet Explorer 5.0.1 For Windows NT 4.0
Microsoft Internet Explorer 5.0.1 For Windows 2000
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3

HTTP:STC:IE:OBJECT-CODE-EXEC - HTTP: Microsoft Internet Explorer Object Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-3164

Affected Products:

microsoft internet_explorer 8

HTTP:STC:IE:CVE-2013-3153-MC - HTTP: Microsoft Internet Explorer CVE-2013-3153 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

References:

cve: CVE-2013-3153

Affected Products:

microsoft internet_explorer 8
microsoft internet_explorer 9
microsoft internet_explorer 10
microsoft internet_explorer 6
microsoft internet_explorer 7

SMTP:EMAIL:LOTUS-COLPALETTE-BO - SMTP: IBM Lotus Domino BMP Color Palette Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Lotus Domino. Successful exploitation could allow an attacker to launch further attacks.

Supported On:

References:

Affected Products:

ibm domino 8.5.3
ibm domino 9.0.1
ibm domino 8.5.2
ibm domino 9.0.0
ibm domino 8.5.1
ibm domino 8.5.0

SMTP:FFSMOUNTFS-BOF - SMTP: Mac OS X and FreeBSD ffs_mountfs Routine Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in ffs_mountfs routine used within Mac OS X and FreeBSD. A successful attack can lead to a buffer overflow and arbitrary remote code execution with elevated privileges.

Supported On:

References:

cve: CVE-2007-0229
bugtraq: 21993

Affected Products:

Apple Mac OS X 10.4.8
Apple Mac OS X Server 10.4.8
FreeBSD 6.1 -RELEASE

SMTP:MAL:LOTUS-DOC-VIEWER - SMTP: IBM Lotus Notes DOC Attachment Viewer Buffer Overflow

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2007-5544
bugtraq: 26146

Affected Products:

IBM Lotus Domino 6.5.6
IBM Lotus Domino 6.5.5 FP3
IBM Lotus Domino 7.0.3
IBM Lotus Domino 8.0
IBM Lotus Notes 6.5.5 FP3
IBM Lotus Notes 6.5.6
IBM Lotus Notes 7.0.2 FP1
IBM Lotus Notes 8.0

WORM:NIMDA:EMAIL-PROP - WORM: Nimda Email Propagation

Severity: MEDIUM

Description:

This signature detects the NIMDA worm in an outgoing e-mail message. NIMDA, a self-propagating worm, attempts to send copies of itself inside outgoing e-mail messages.

Supported On:

References:

url: http://www.f-secure.com/v-descs/nimda.shtml
cve: CVE-1999-0660

HTTP:STC:MS-DOTNET-NAMESPACE-BO - HTTP: Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft .NET framework. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 57114
cve: CVE-2013-0003

Affected Products:

microsoft .net_framework 3.5
microsoft .net_framework 3.5.1
microsoft .net_framework 4.5
microsoft .net_framework 2.0 (sp2)
microsoft .net_framework 4.0

HTTP:STC:JAVA:TRUE-TYPE-FONT-OF - HTTP: Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Java Runtime True Type Font. A successful attack can lead to a heap buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

cve: CVE-2012-0499
bugtraq: 52016

Affected Products:

Avaya Aura Communication Manager Utility Services 6.2
Sun JDK (Solaris Production Release) 1.5.0_29
Sun JDK (Windows Production Release) 1.5.0_29
Avaya Messaging Storage Server 5.2
Sun JDK (Linux Production Release) 1.6.0_25
Red Hat Enterprise Linux Desktop Supplementary 6
Apple Mac Os X 10.6.5
Red Hat Enterprise Linux HPC Node Supplementary 6
Apple Mac OS X Server 10.6.5
Red Hat Enterprise Linux Server Supplementary 6
Red Hat Enterprise Linux Workstation Supplementary 6
Sun JRE (Linux Production Release) 1.4.2_31
Sun JRE (Linux Production Release) 1.5.0_29
Sun JRE (Linux Production Release) 1.6.0_25
Sun JRE (Solaris Production Release) 1.4.2_31
Sun JRE (Solaris Production Release) 1.5.0_29
Sun JRE (Windows Production Release) 1.4.2_31
Sun JRE (Solaris Production Release) 1.6.0_25
Avaya Message Networking 5.2.2
Avaya Messaging Storage Server 5.2.2
Avaya Proactive Contact 4.2.1
Sun JRE (Windows Production Release) 1.6.0_25
SuSE SUSE Linux Enterprise Desktop 10 SP4
SuSE SUSE Linux Enterprise Server 10 SP4
Avaya Aura Presence Services 6.0
Sun SDK (Solaris Production Release) 1.4.2_31
Oracle JRockit R27.6.0-50 1.5.0 15
Avaya Aura Conferencing 6.0 Standard
Sun JRE (Solaris Production Release) 1.5.0 13
Sun JDK (Linux Production Release) 1.5.0 .0 05
Apple Mac Os X 10.7.3
Apple Mac Os X Server 10.7.3
Sun JDK (Windows Production Release) 1.5.0.0 06
Avaya Aura SIP Enablement Services 5.2.1
Oracle JRockit R27.6.8
Oracle JRockit R28.1.1
Red Hat Enterprise Linux for SAP 5 Server
Sun JDK (Windows Production Release) 1.6.0 01
SuSE SUSE Linux Enterprise SDK 11 SP2
SuSE SUSE Linux Enterprise Server 11 SP2
Sun JRE (Linux Production Release) 1.4.2 01
Sun JRE (Solaris Production Release) 1.4.2 01
Sun JRE (Solaris Production Release) 1.4.2 02
Sun JRE (Windows Production Release) 1.4.2 02
Avaya Messaging Storage Server 5.2 SP1
Sun JDK (Linux Production Release) 1.6.0_24
Sun JDK (Solaris Production Release) 1.5.0_28
Sun JDK (Solaris Production Release) 1.6.0_24
Sun JDK (Windows Production Release) 1.5.0_28
Sun JDK (Windows Production Release) 1.6.0_24
Sun JRE (Linux Production Release) 1.4.2_30
Sun JRE (Linux Production Release) 1.5.0_28
Sun JRE (Solaris Production Release) 1.4.2_30
Sun JRE (Linux Production Release) 1.6.0_24
Sun JRE (Solaris Production Release) 1.5.0_28
Sun JRE (Solaris Production Release) 1.6.0_24
Sun JRE (Windows Production Release) 1.4.2_30
Sun JRE (Windows Production Release) 1.5.0_28
Sun JRE (Windows Production Release) 1.6.0_24
Sun SDK (Linux Production Release) 1.4.2_30
Sun SDK (Solaris Production Release) 1.4.2_30
Sun SDK (Windows Production Release) 1.4.2_30
Apple Mac Os X 10.6.8
Apple Mac Os X Server 10.6.8
Apple Mac OS X 10.6.2
Apple Mac OS X Server 10.6.2
Avaya Communication Manager 5.0
Apple Mac OS X 10.6.5
Apple Mac OS X Server 10.6.5
IBM Java SE 5.0.0 SR12
IBM Java SE 5.0.0 SR12
IBM Java SE 6.0.0 SR9
Sun JRE (Solaris Production Release) 1.5.0 01
Avaya Aura Session Manager 6.1 Sp1
Avaya Aura Session Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura SIP Enablement Services 5.1
Sun JRE (Linux Production Release) 1.6.0 07
Sun JDK (Linux Production Release) 1.6.0 07
Sun JRE (Linux Production Release) 1.5.0 16
Sun JRE (Linux Production Release) 1.4.2 18
Avaya Meeting Exchange 5.2 SP2
Sun JRE (Windows Production Release) 1.4.2 18
Sun SDK (Linux Production Release) 1.4.2 17
Sun SDK (Linux Production Release) 1.4.2 18
Sun SDK (Solaris Production Release) 1.4.2 17
Sun SDK (Solaris Production Release) 1.4.2 18
Sun SDK (Windows Production Release) 1.4.2 17
Sun SDK (Windows Production Release) 1.4.2 18
Sun JDK (Solaris Production Release) 1.5.0 0 09
Sun JDK (Linux Production Release) 1.6.0 05
Sun JRE (Linux Production Release) 1.6.0 05
Sun JRE (Linux Production Release) 1.4.2 17
Sun JRE (Solaris Production Release) 1.4.2 17
Sun JRE (Windows Production Release) 1.4.2 17
Sun JDK (Linux Production Release) 1.5.0 15
Sun JDK (Solaris Production Release) 1.5.0 0 03
Sun JDK (Linux Production Release) 1.6.0 06
Sun JDK (Solaris Production Release) 1.5.0 15
Sun JRE (Solaris Production Release) 1.5.0 15
Sun JRE (Linux Production Release) 1.6.0 06
IBM Java SE 6.0 SR5
Sun JRE (Linux Production Release) 1.4.2 03
Sun JRE (Solaris Production Release) 1.4.2 03
Sun JRE (Windows Production Release) 1.4.2 03
Sun SDK (Linux Production Release) 1.4.2 01
Sun SDK (Linux Production Release) 1.4.2 03
Sun JRE (Linux Production Release) 1.4.2 04
Sun JRE (Solaris Production Release) 1.4.2 04
Sun JRE (Windows Production Release) 1.4.2 04
Sun SDK (Windows Production Release) 1.4.2 04
Sun SDK (Linux Production Release) 1.4.2 04
Sun SDK (Solaris Production Release) 1.4.2 04
Sun SDK (Solaris Production Release) 1.4.2 03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2 12
Sun JRE (Linux Production Release) 1.4.2 12
Sun JRE (Windows Production Release) 1.5.0_29
Avaya Voice Portal 5.1 SP1
Sun JRE (Windows Production Release) 1.4.2 12
Sun JRE (Linux Production Release) 1.6.0 01
Avaya Communication Manager 5.2.1
Sun JDK (Linux Production Release) 1.5.0_33
Sun JDK (Linux Production Release) 1.6.0_30
Sun JDK (Solaris Production Release) 1.5.0_33
Sun JDK (Windows Production Release) 1.5.0_33
Sun JDK (Windows Production Release) 1.7.0_2
Sun JDK (Linux Production Release) 1.7.0_2
Sun JDK (Windows Production Release) 1.6.0_30
Sun JDK (Solaris Production Release) 1.6.0_30
Sun JDK (Solaris Production Release) 1.7.0_2
Sun JRE (Linux Production Release) 1.4.2_35
Sun JRE (Linux Production Release) 1.6.0_30
Sun JRE (Solaris Production Release) 1.4.2_35
Sun JRE (Windows Production Release) 1.5.0_33
Sun JRE (Windows Production Release) 1.7.0_2
Sun JRE (Solaris Production Release) 1.7.0_2
Sun JRE (Solaris Production Release) 1.5.0_33
Sun JRE (Windows Production Release) 1.6.0_30
Sun JRE (Linux Production Release) 1.5.0_33
Sun JRE (Linux Production Release) 1.7.0_2
Sun JRE (Windows Production Release) 1.4.2_35
Sun JRE (Solaris Production Release) 1.6.0_30
Sun SDK (Linux Production Release) 1.4.2_35
Sun SDK (Windows Production Release) 1.4.2_35
Sun SDK (Solaris Production Release) 1.4.2_35
Avaya IR 4.0
Sun JDK (Solaris Production Release) 1.6.0 20
Sun JDK (Linux Production Release) 1.6.0 20
Sun JRE (Linux Production Release) 1.6.0 14
Sun JRE (Windows Production Release) 1.6.0 14
Sun JRE (Solaris Production Release) 1.6.0 14
IBM Java SE 6.0.0 SR9-FP2
IBM Java SE 7.0
IBM Java SE 5.0 SR13
Sun JDK (Windows Production Release) 1.5.0 12
Avaya Aura Session Manager 5.2 SP2
Avaya Message Networking 5.2.1
Sun SDK (Linux Production Release) 1.4.2 16
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2011 x86_64
Apple Mac Os X 10.7
Oracle JRockit R27.6.5
Sun JDK (Solaris Production Release) 1.5.0 13
Oracle JRockit R27.6.2
Sun JavaFX 2.0.2
IBM Java SE 6 SR8 FP1
Sun JRE (Linux Production Release) 1.5.0 14
Oracle JRockit R27.6.7
Avaya Aura Application Enablement Services 6.1
Avaya Aura Session Manager 6.1
Sun JDK (Linux Production Release) 1.5.0 16
Sun JDK (Solaris Production Release) 1.5.0 16
Sun JDK (Windows Production Release) 1.5.0 16
Avaya Aura SIP Enablement Services 5.0
Sun JRE (Linux Production Release) 1.5.0 07
Sun JDK (Linux Production Release) 1.7.0
Oracle JRockit R28.0.1
Sun JDK (Linux Production Release) 1.5.0 01
Sun JDK (Linux Production Release) 1.5.0 02
Red Hat Enterprise Linux WS Extras 4
Red Hat Enterprise Linux ES Extras 4
Red Hat Enterprise Linux AS Extras 4
Red Hat Desktop Extras 4
Sun SDK (Linux Production Release) 1.4.2 15
Sun SDK (Solaris Production Release) 1.4.2 15
Sun SDK (Windows Production Release) 1.4.2 15
Avaya Proactive Contact 4.2
Sun JRE (Linux Production Release) 1.4.2 06
Sun JRE (Windows Production Release) 1.4.2 06
Avaya Aura Experience Portal 6.0
Sun JRE (Linux Production Release) 1.4.2 10-B03
Avaya Aura Presence Services 6.1
Sun JDK (Solaris Production Release) 1.6.0 15
Avaya Meeting Exchange 5.0
Sun SDK (Windows Production Release) 1.4.2 03
Sun JRE (Linux Production Release) 1.5.0 15
Sun SDK (Solaris Production Release) 1.4.2 16
Avaya Messaging Storage Server 5.2.8
Sun SDK (Windows Production Release) 1.4.2 16
Apple Mac OS X 10.6
Apple Mac OS X Server 10.6
Oracle JRockit R28.2.2
Oracle JRockit R27.7.1
Sun SDK (Windows Production Release) 1.4.2_31
Sun JDK (Windows Production Release) 1.6.0 18
Sun JDK (Solaris Production Release) 1.6.0 18
Sun JDK (Linux Production Release) 1.6.0 18
Sun JRE (Linux Production Release) 1.6.0 18
Sun JRE (Windows Production Release) 1.6.0 18
Sun JDK (Windows Production Release) 1.5.0 23
Sun JRE (Solaris Production Release) 1.6.0 18
Sun JDK (Linux Production Release) 1.5.0 23
Sun JDK (Solaris Production Release) 1.5.0 23
Sun JRE (Windows Production Release) 1.5.0 23
Sun JRE (Linux Production Release) 1.5.0 23
Sun SDK (Windows Production Release) 1.4.2 25
Sun JRE (Solaris Production Release) 1.5.0 23
Sun SDK (Linux Production Release) 1.4.2 25
Sun SDK (Solaris Production Release) 1.4.2 25
Sun JRE (Windows Production Release) 1.4.2 25
Sun JRE (Linux Production Release) 1.4.2 25
Sun JRE (Solaris Production Release) 1.4.2 25
IBM JAVA IBM 31-bit SDK for z/OS 6.0
Avaya Voice Portal 5.0
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.1 SP1
Sun JDK (Windows Production Release) 1.5.0 .0 05
Apple Mac OS X 10.6.3
Apple Mac OS X Server 10.6.3
Sun JDK (Solaris Production Release) 1.5.0 .0 05
Avaya Aura System Platform 6.0.2
Avaya Communication Manager 5.2
Avaya Aura SIP Enablement Services 5.2
Avaya Voice Portal 5.0 SP1
Sun JRE (Linux Production Release) 1.6.0 19
Sun JRE (Windows Production Release) 1.6.0 19
Sun JRE (Solaris Production Release) 1.6.0 19
Sun JDK (Solaris Production Release) 1.6.0 19
Sun JDK (Windows Production Release) 1.6.0 19
Sun JDK (Linux Production Release) 1.6.0 19
Sun JDK (Linux Production Release) 1.5.0 24
Sun JDK (Windows Production Release) 1.5.0 24
Sun JDK (Solaris Production Release) 1.5.0 24
Sun SDK (Linux Production Release) 1.4.2 26
Sun SDK (Windows Production Release) 1.4.2 26
Sun SDK (Solaris Production Release) 1.4.2 26
Apple Mac Os X 10.6.6
Apple Mac OS X Server 10.6.6
Avaya Aura System Manager 6.1
Avaya Aura System Manager 6.1 SP2
Sun JRE (Linux Production Release) 1.6.0 12
Avaya Voice Portal 5.1.1
Avaya Aura System Platform 1.1
Avaya Aura System Manager 5.2
Avaya Aura Conferencing 6.0 SP1 Standard
Sun JRE (Linux Production Release) 1.6.0
Sun JRE (Linux Production Release) 1.6.0 10
Avaya Message Networking 5.2.3
Sun JRE (Linux Production Release) 1.4.2 15
Sun JRE (Windows Production Release) 1.4.2 15
Sun JRE (Solaris Production Release) 1.4.2 15
Avaya Message Networking 5.2.4
Apple Mac OS X Server 10.6.1
Apple Mac OS X 10.6.1
Sun JDK (Solaris Production Release) 1.6.0 01
Sun JRE (Linux Production Release) 1.5.0 09
Avaya Proactive Contact 5.0
Avaya Messaging Storage Server 5.2 SP2
Avaya Messaging Storage Server 5.2 SP3
Avaya Message Networking 5.2 SP1
Sun JRE (Linux Production Release) 1.5.0 10
Sun SDK (Linux Production Release) 1.4.2 09
Sun SDK (Linux Production Release) 1.4.2 10
Sun SDK (Linux Production Release) 1.4.2 11
Sun SDK (Linux Production Release) 1.4.2 12
Sun SDK (Linux Production Release) 1.4.2 13
Sun SDK (Linux Production Release) 1.4.2 14
Sun SDK (Solaris Production Release) 1.4.2 09
Sun SDK (Solaris Production Release) 1.4.2 10
Sun SDK (Solaris Production Release) 1.4.2 11
Sun SDK (Solaris Production Release) 1.4.2 12
Sun SDK (Solaris Production Release) 1.4.2 13
Sun SDK (Solaris Production Release) 1.4.2 14
Sun SDK (Windows Production Release) 1.4.2 09
Sun SDK (Windows Production Release) 1.4.2 10
Sun SDK (Windows Production Release) 1.4.2 11
Sun SDK (Windows Production Release) 1.4.2 12
Sun SDK (Windows Production Release) 1.4.2 13
Sun SDK (Windows Production Release) 1.4.2 14
Sun JRE (Windows Production Release) 1.4.2 07
Sun JRE (Windows Production Release) 1.4.2 08
Sun JRE (Windows Production Release) 1.4.2 09
Sun JRE (Windows Production Release) 1.4.2 10
Sun JRE (Windows Production Release) 1.4.2 11
Sun JRE (Windows Production Release) 1.4.2 13
Sun JRE (Windows Production Release) 1.4.2 14
Sun JRE (Solaris Production Release) 1.4.2 07
Sun JRE (Solaris Production Release) 1.4.2 08
Sun JRE (Solaris Production Release) 1.4.2 09
Sun JRE (Solaris Production Release) 1.4.2 10
Sun JRE (Solaris Production Release) 1.4.2 11
Sun JRE (Solaris Production Release) 1.4.2 13
Sun JRE (Solaris Production Release) 1.4.2 14
Sun JRE (Linux Production Release) 1.4.2 10
Sun JRE (Linux Production Release) 1.4.2 11
Sun JRE (Linux Production Release) 1.4.2 13
Sun JRE (Linux Production Release) 1.4.2 14
Sun JDK (Solaris Production Release) 1.6.0 01-B06
Sun JRE (Linux Production Release) 1.6.0 11
Sun JRE (Solaris Production Release) 1.6.0 11
Sun JRE (Windows Production Release) 1.6.0 11
Sun JRE (Solaris Production Release) 1.5.0
Sun JRE (Linux Production Release) 1.5.0
Sun JRE (Windows Production Release) 1.5.0
Sun JRE (Windows Production Release) 1.5.0 06
Sun JRE (Solaris Production Release) 1.5.0 06
Sun JRE (Linux Production Release) 1.5.0 06
Sun JRE (Linux Production Release) 1.5.0 03
Sun JRE (Linux Production Release) 1.5.0 04
Sun JRE (Linux Production Release) 1.4.2 09
Sun JDK (Linux Production Release) 1.6.0 10
Sun JDK (Linux Production Release) 1.6.0 11
IBM JAVA IBM 64-bit SDK for z/OS 6.0
Avaya Aura System Manager 6.1.1
Sun JDK (Linux Production Release) 1.5.0 17
Sun SDK (Solaris Production Release) 1.4.2 19
Sun SDK (Windows Production Release) 1.4.2 19
Sun SDK (Linux Production Release) 1.4.2 19
Sun JDK (Linux Production Release) 1.5.0_28
Sun JDK (Linux Production Release) 1.5.0 14
SuSE SUSE Linux Enterprise Java 10 SP4
SuSE SUSE Linux Enterprise Java 11 SP1
IBM Java SE 6 SR10
IBM Java SE 1.4.2 SR13-FP11
Sun JRE (Solaris Production Release) 1.5.0 17
Sun JRE (Solaris Production Release) 1.4.2 19
Avaya Voice Portal 5.1.2
Avaya Aura Session Manager 6.1.3
Avaya Aura System Manager 6.1.2
Sun JDK (Windows Production Release) 1.5.0_25
Avaya IQ 5.1.1
Avaya Meeting Exchange 5.0.0.0.52
Red Hat Enterprise Linux Supplementary 5 Server
Sun JRE (Windows Production Release) 1.4.2 01
Sun JDK (Solaris Production Release) 1.5.0 11-B03
Avaya Voice Portal 5.0 SP2
Sun JRE (Solaris Production Release) 1.4.2 06
Sun SDK (Linux Production Release) 1.4.2_31
Avaya Messaging Application Server 5.2
Avaya Aura Conferencing 6.0.0 Standard
IBM Java SE 5.0
IBM Java SE 6.0
IBM Java SE 1.4.2
Avaya Voice Portal 5.1
Sun JDK (Linux Production Release) 1.5.0
Sun JDK (Linux Production Release) 1.5.0 07
Oracle JRockit R27.6.0
Sun JRE (Linux Production Release) 1.4.2 20
Sun JRE (Solaris Production Release) 1.4.2 20
Sun JRE (Linux Production Release) 1.5.0 01
Sun JRE (Linux Production Release) 1.5.0 02
Sun JRE (Linux Production Release) 1.5.0 05
Sun JRE (Windows Production Release) 1.4.2 20
Avaya Communication Manager 5.0 SP3
Avaya Communication Manager 5.1
Sun JDK (Windows Production Release) 1.6.0_22
HP HP-UX B.11.11
Sun SDK (Linux Production Release) 1.4.2 06
Sun SDK (Linux Production Release) 1.4.2 07
Sun JRE (Linux Production Release) 1.4.2 08
Sun SDK (Linux Production Release) 1.4.2 20
Sun JRE (Linux Production Release) 1.5.0 .0 Beta
HP HP-UX B.11.23
Sun JRE (Linux Production Release) 1.6.0 04
Sun JDK (Linux Production Release) 1.6.0 04
Sun JDK (Linux Production Release) 1.6.0
SuSE SUSE Linux Enterprise Server 11 SP1
SuSE SUSE Linux Enterprise SDK 11 SP1
Avaya Aura SIP Enablement Services 4.0
Sun JRE (Linux Production Release) 1.6.0 20
Sun JRE (Windows Production Release) 1.6.0 20
Avaya Aura Application Enablement Services 5.2
Sun JRE (Solaris Production Release) 1.6.0 15
Sun SDK (Windows Production Release) 1.4.2 20
Avaya Message Networking 5.2
Sun JRE (Windows Production Release) 1.6.0 15
Sun JDK (Solaris Production Release) 1.6.0
Apple Mac Os X 10.7.1
Apple Mac Os X Server 10.7
Apple Mac Os X Server 10.7.1
Apple Mac Os X Server 10.7.2
Sun JDK (Windows Production Release) 1.6.0
Sun JDK (Windows Production Release) 1.5.0.0 12
Sun JDK (Linux Production Release) 1.5.0.0 12
Sun JDK (Solaris Production Release) 1.6.0 02
Oracle JRockit R27.6.3
Sun JDK (Solaris Production Release) 1.5.0_31
Sun JDK (Windows Production Release) 1.5.0_31
Sun JDK (Linux Production Release) 1.6.0_27
Sun JDK (Solaris Production Release) 1.6.0_27
Sun JDK (Windows Production Release) 1.6.0_27
Sun JRE (Linux Production Release) 1.5.0_31
Sun JRE (Solaris Production Release) 1.5.0_31
HP Network Node Manager i 9.1
Sun JRE (Linux Production Release) 1.6.0_27
Sun JRE (Solaris Production Release) 1.6.0_27
Sun JRE (Windows Production Release) 1.6.0_27
Sun JRE (Linux Production Release) 1.7
Sun JRE (Solaris Production Release) 1.7
Sun JRE (Windows Production Release) 1.7
Sun JDK (Linux Production Release) 1.5.0_31
Sun JDK (Linux Production Release) 1.5.0.0 03
Oracle JRockit R28.1.4
Sun JDK (Linux Production Release) 1.5.0_32
Sun JDK (Solaris Production Release) 1.5.0_32
Sun JDK (Windows Production Release) 1.5.0_32
Sun JDK (Linux Production Release) 1.6.0_28
Sun JDK (Windows Production Release) 1.5.0 .0 04
Sun JDK (Windows Production Release) 1.6.0_28
Sun JRE (Linux Production Release) 1.4.2_33
Sun JDK (Solaris Production Release) 1.5.0 .0 04
Sun JRE (Windows Production Release) 1.4.2_33
Sun JRE (Linux Production Release) 1.5.0_32
Sun JRE (Solaris Production Release) 1.5.0_32
Sun JRE (Windows Production Release) 1.5.0_32
Sun JRE (Linux Production Release) 1.6.0_28
Sun JRE (Solaris Production Release) 1.6.0_28
Sun JRE (Windows Production Release) 1.6.0_28
Sun SDK (Linux Production Release) 1.4.2_33
Sun SDK (Solaris Production Release) 1.4.2_33
Sun SDK (Windows Production Release) 1.4.2_33
Sun SDK (Solaris Production Release) 1.4.2 08
Sun SDK (Linux Production Release) 1.4.2 08
Avaya Aura System Platform 6.0
Sun JDK (Windows Production Release) 1.5.0 07-B03
Sun JDK (Windows Production Release) 1.5.0 11-B03
Sun JDK (Windows Production Release) 1.6.0 01-B06
IBM Java SE 5.0 SR10
IBM Java SE 5.0 SR11
IBM Java SE 6.0 SR6
IBM Java SE 6.0 SR7
Avaya Aura Session Manager 6.0 SP1
Red Hat Enterprise Linux SAP 6
Sun JDK (Linux Production Release) 1.5.0 07-B03
Sun JDK (Linux Production Release) 1.5.0 11-B03
Sun JDK (Linux Production Release) 1.6.0 01-B06
Sun JDK (Solaris Production Release) 1.5.0 0 10
Sun JDK (Linux Production Release) 1.6.0 14
Sun JDK (Windows Production Release) 1.5.0 0 10
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Avaya Aura System Manager 6.0
Avaya Aura Session Manager 5.2
IBM Java SE 1.4.2 SR13-FP10
Sun JRE (Windows Production Release) 1.5.0.0 07
Sun JRE (Solaris Production Release) 1.5.0.0 07
Sun JDK (Windows Production Release) 1.5.0.0 08
Sun JDK (Linux Production Release) 1.5.0.0 08
Sun JRE (Windows Production Release) 1.5.0.0 08
Sun JRE (Solaris Production Release) 1.5.0.0 08
Sun JDK (Windows Production Release) 1.5.0.0 09
Sun JDK (Linux Production Release) 1.5.0.0 09
Sun JRE (Windows Production Release) 1.5.0.0 09
Sun JRE (Solaris Production Release) 1.5.0.0 09
Sun JRE (Solaris Production Release) 1.5.0 14
Sun JRE (Solaris Production Release) 1.6.0 2
Avaya Aura Application Enablement Services 5.2.2
Sun JRE (Windows Production Release) 1.6.0 2
Sun JRE (Windows Production Release) 1.5.0 14
Avaya Aura System Manager 6.0 SP1
Sun JRE (Windows Production Release) 1.4.2 07
Sun JRE (Solaris Production Release) 1.4.2 07
Sun JRE (Solaris Production Release) 1.4.2 08
Sun JRE (Windows Production Release) 1.4.2 08
Sun JRE (Windows Production Release) 1.4.2 09
Sun JRE (Solaris Production Release) 1.4.2 09
HP HP-UX B.11.23
Sun SDK (Solaris Production Release) 1.4.2 06
Sun SDK (Windows Production Release) 1.4.2 06
Sun SDK (Windows Production Release) 1.4.2 07
Sun JRE (Windows Production Release) 1.4.2 05
Sun JRE (Linux Production Release) 1.4.2 05
Avaya Aura Communication Manager Utility Services 6.1
Apple Mac OS X 10.6.4
Apple Mac OS X Server 10.6.4
Sun JRE (Solaris Production Release) 1.5.0 11
Sun JRE (Windows Production Release) 1.5.0 11
Sun JRE (Linux Production Release) 1.4.2 07
Avaya IQ 5.1
Sun JRE (Solaris Production Release) 1.4.2 18
Sun JRE (Solaris Production Release) 1.5.0 10
Sun JRE (Windows Production Release) 1.5.0 10
Apple Mac Os X 10.6.7
Apple Mac Os X Server 10.6.7
Sun JDK (Solaris Production Release) 1.5.0 07-B03
Sun JRE (Windows Production Release) 1.5.0 01
Sun JRE (Solaris Production Release) 1.5.0 02
Sun JRE (Windows Production Release) 1.5.0 02
Sun JRE (Solaris Production Release) 1.5.0 03
Sun JRE (Windows Production Release) 1.5.0 03
Sun JRE (Solaris Production Release) 1.5.0 04
Sun JRE (Windows Production Release) 1.5.0 04
Sun JRE (Solaris Production Release) 1.5.0 05
Sun JRE (Windows Production Release) 1.5.0 05
Sun JDK (Solaris Production Release) 1.5.0 01
Sun JDK (Windows Production Release) 1.5.0 01
Sun JDK (Solaris Production Release) 1.5.0 14
Sun JDK (Windows Production Release) 1.5.0 14
Sun JDK (Windows Production Release) 1.5.0 15
Sun JDK (Solaris Production Release) 1.5.0 17
Sun JDK (Windows Production Release) 1.5.0 17
Sun JDK (Solaris Production Release) 1.5.0 18
Sun JDK (Windows Production Release) 1.5.0 18
Sun JDK (Solaris Production Release) 1.5.0 02
Sun JDK (Windows Production Release) 1.5.0 02
Sun JDK (Solaris Production Release) 1.6.0 10
Sun JDK (Windows Production Release) 1.6.0 10
Sun JDK (Solaris Production Release) 1.6.0 04
Sun JDK (Windows Production Release) 1.6.0 04
Sun JDK (Solaris Production Release) 1.6.0 14
Sun JDK (Windows Production Release) 1.6.0 14
Sun JDK (Solaris Production Release) 1.6.0 13
Sun JDK (Windows Production Release) 1.6.0 13
Sun JDK (Solaris Production Release) 1.6.0 11
Sun JDK (Windows Production Release) 1.6.0 11
Sun JRE (Linux Production Release) 1.5.0 18
Sun JRE (Linux Production Release) 1.6.0 13
Sun JDK (Solaris Production Release) 1.6.0 05
Sun JDK (Windows Production Release) 1.6.0 05
Sun JDK (Windows Production Release) 1.6.0 06
Sun JDK (Solaris Production Release) 1.6.0 06
Sun JDK (Solaris Production Release) 1.6.0 07
Sun JDK (Windows Production Release) 1.6.0 07
Sun JDK (Linux Production Release) 1.5.0 18
Sun JDK (Linux Production Release) 1.6.0 13
Sun JDK (Solaris Production Release) 1.7.0
Sun JDK (Windows Production Release) 1.7.0
Sun JRE (Solaris Production Release) 1.6.0
Sun JRE (Windows Production Release) 1.6.0
Sun JRE (Solaris Production Release) 1.6.0 10
Sun JRE (Windows Production Release) 1.6.0 10
Sun JRE (Windows Production Release) 1.5.0 15
Sun JRE (Solaris Production Release) 1.5.0 16
Sun JRE (Windows Production Release) 1.5.0 16
Sun JRE (Solaris Production Release) 1.5.0 18
Sun JRE (Windows Production Release) 1.5.0 18
Avaya Aura Session Manager 6.0
Oracle JRockit R27.6.9
Oracle JRockit R28.1.3
Sun JRE (Windows Production Release) 1.6.0 13
Sun JRE (Solaris Production Release) 1.6.0 04
Sun JRE (Windows Production Release) 1.6.0 04
Sun JRE (Solaris Production Release) 1.6.0 05
Sun JRE (Windows Production Release) 1.6.0 05
Sun JRE (Solaris Production Release) 1.6.0 06
Sun JRE (Windows Production Release) 1.6.0 06
Sun JRE (Solaris Production Release) 1.6.0 07
Sun JRE (Windows Production Release) 1.6.0 07
IBM Java SE 7
IBM Java SE 6
HP HP-UX B.11.31
Avaya IP Office Application Server 6.1
Sun JRE (Windows Production Release) 1.6.0 12
Sun JRE (Linux Production Release) 1.4.2 02
Avaya Aura Application Server 5300 SIP Core 2.0
Sun JDK (Linux Production Release) 1.5.0_27
Sun JDK (Solaris Production Release) 1.5.0_27
Sun JDK (Windows Production Release) 1.5.0_27
Avaya IP Office Application Server 7.0
Sun JRE (Linux Production Release) 1.5.0_27
Sun JRE (Solaris Production Release) 1.5.0_27
Sun JRE (Windows Production Release) 1.5.0_27
Sun JRE (Linux Production Release) 1.4.2_29
Avaya Meeting Exchange 5.2
Sun JRE (Windows Production Release) 1.4.2_29
Sun SDK (Linux Production Release) 1.4.2_29
Sun SDK (Solaris Production Release) 1.4.2_29
Sun SDK (Windows Production Release) 1.4.2_29
Sun JRE (Solaris Production Release) 1.6.0 13
HP JDK and JRE 7.0.0
Oracle JRockit R27.6.4
Avaya Aura Application Enablement Services 5.2.3
Sun SDK (Solaris Production Release) 1.4.2 07
Avaya IQ 5.2
Avaya Aura System Platform 6.0 SP2
Avaya Aura System Platform 6.0 SP3
Sun JDK (Linux Production Release) 1.6.0_21
Sun JDK (Linux Production Release) 1.6.0_22
Sun JDK (Linux Production Release) 1.5.0_25
Sun JDK (Linux Production Release) 1.5.0_26
Sun JDK (Solaris Production Release) 1.6.0_21
Sun JDK (Solaris Production Release) 1.6.0_22
Sun JDK (Solaris Production Release) 1.5.0_25
Sun JDK (Solaris Production Release) 1.5.0_26
Sun JDK (Windows Production Release) 1.6.0_21
Oracle JRockit R27.6.6
Mandriva Enterprise Server 5 X86 64
IBM Java SE 5.0 SR11 PF1
Sun JRE (Linux Production Release) 1.6.0_21
Sun JRE (Linux Production Release) 1.6.0_22
Sun JRE (Linux Production Release) 1.5.0_25
Sun JRE (Linux Production Release) 1.5.0_26
Sun JRE (Linux Production Release) 1.4.2_27
Sun JRE (Linux Production Release) 1.4.2_28
Sun JRE (Solaris Production Release) 1.6.0_21
Sun JRE (Solaris Production Release) 1.6.0_22
Sun JRE (Solaris Production Release) 1.5.0_25
Sun JRE (Solaris Production Release) 1.5.0_26
Sun JRE (Solaris Production Release) 1.4.2_27
Sun JRE (Solaris Production Release) 1.4.2_28
Sun JRE (Windows Production Release) 1.6.0_21
Sun JRE (Windows Production Release) 1.6.0_22
Sun JRE (Windows Production Release) 1.5.0_25
Sun JRE (Windows Production Release) 1.5.0_26
Sun JRE (Windows Production Release) 1.4.2 _27
Sun JRE (Windows Production Release) 1.4.2 _28
Sun SDK (Linux Production Release) 1.4.2_27
Sun SDK (Linux Production Release) 1.4.2_28
Sun SDK (Solaris Production Release) 1.4.2_28
Sun SDK (Solaris Production Release) 1.4.2_27
Sun SDK (Windows Production Release) 1.4.2_27
Sun SDK (Windows Production Release) 1.4.2_28
Mandriva Enterprise Server 5
Avaya Aura Presence Services 6.1.1
Sun JDK (Linux Production Release) 1.6.0 02
Sun JDK (Windows Production Release) 1.6.0 02
Sun JRE (Windows Production Release) 1.5.0_31
Sun JRE (Linux Production Release) 1.6.0 02
Sun JRE (Solaris Production Release) 1.6.0 01
Sun JRE (Solaris Production Release) 1.6.0 02
Sun JRE (Windows Production Release) 1.6.0 01
Sun JRE (Windows Production Release) 1.6.0 02
Sun JRE (Linux Production Release) 1.4.2 16
Sun JRE (Solaris Production Release) 1.4.2 16
Sun JRE (Windows Production Release) 1.4.2 16
Avaya Aura Session Manager 5.2 SP1
Sun JDK (Windows Production Release) 1.5.0 13
Sun JDK (Solaris Production Release) 1.5.0 11
Sun JDK (Solaris Production Release) 1.5.0 12
Avaya Aura Session Manager 1.1
Avaya Meeting Exchange 5.1
Sun JDK (Linux Production Release) 1.5.0 13
Sun JRE (Linux Production Release) 1.5.0 12
Sun JRE (Linux Production Release) 1.5.0 13
Sun JRE (Solaris Production Release) 1.5.0 12
Avaya Communication Manager 5.1.2
Sun JRE (Windows Production Release) 1.5.0 12
Sun JRE (Windows Production Release) 1.5.0 13
Sun JDK (Solaris Production Release) 1.6.0 03
Sun JDK (Linux Production Release) 1.6.0 03
Sun JRE (Solaris Production Release) 1.4.2_29
Avaya IQ 5
Sun JDK (Windows Production Release) 1.6.0 03
Sun JRE (Linux Production Release) 1.6.0 03
Sun JRE (Solaris Production Release) 1.6.0 03
Sun JRE (Windows Production Release) 1.6.0 03
Sun JRE (Windows Production Release) 1.4.2 24
Sun JavaFX 2.0
Sun JRE (Solaris Production Release) 1.4.2 05
Sun SDK (Solaris Production Release) 1.4.2 05
Sun SDK (Linux Production Release) 1.4.2 05
Sun SDK (Windows Production Release) 1.4.2 05
Sun JDK (Solaris Production Release) 1.6.0_25
Avaya Aura System Platform 6.0.1
Sun JDK (Linux Production Release) 1.5.0 06
IBM Java SE 5.0 SR12-FP5
Sun JDK (Solaris Production Release) 1.5.0 06
Avaya Aura Application Enablement Services 6.1.1
Sun JDK (Solaris Production Release) 1.5.0 .0 03
Sun JDK (Windows Production Release) 1.5.0 .0 03
Red Hat Enterprise Linux Desktop Supplementary 5 Client
Sun JDK (Windows Production Release) 1.5.0 22
Sun JRE (Linux Production Release) 1.5.0 08
Sun JDK (Windows Production Release) 1.6.0_25
Sun JDK (Solaris Production Release) 1.6.0_28
Sun JDK (Linux Production Release) 1.5.0.0 11
Sun JDK (Windows Production Release) 1.5.0.0 11
Sun JRE (Linux Production Release) 1.5.0 11
Avaya IP Office Application Server 8.0
Sun JDK (Linux Production Release) 1.5.0.0 04
Sun JDK (Linux Production Release) 1.6.0 01
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.1.2
Sun JRE (Solaris Production Release) 1.4.2_33
Avaya Proactive Contact 4.2.2
Sun JRE (Linux Production Release) 1.5.0 17
Sun JRE (Windows Production Release) 1.5.0 17
Avaya Aura Messaging 6.0
Avaya Aura Messaging 6.0.1
Sun JRE (Windows Production Release) 1.4.2 19
Sun JRE (Linux Production Release) 1.4.2 19
Avaya Aura System Manager 6.1.3
SuSE SUSE Linux Enterprise for SAP Applications 11 SP1
Sun JDK (Linux Production Release) 1.5.0_30
Sun JDK (Linux Production Release) 1.6.0_26
Sun JDK (Solaris Production Release) 1.5.0_30
Sun JDK (Solaris Production Release) 1.6.0_26
Sun JDK (Windows Production Release) 1.5.0_30
Sun JDK (Windows Production Release) 1.6.0_26
Sun JRE (Linux Production Release) 1.4.2_32
Sun JRE (Linux Production Release) 1.5.0_30
Sun JRE (Linux Production Release) 1.6.0_26
Sun JRE (Solaris Production Release) 1.4.2_32
Sun JRE (Solaris Production Release) 1.5.0_30
Sun JRE (Solaris Production Release) 1.6.0_26
Sun JRE (Windows Production Release) 1.4.2_32
Sun JRE (Windows Production Release) 1.5.0_30
Sun JRE (Windows Production Release) 1.6.0_26
Oracle JRockit R27.1.0
Sun JDK (Linux Production Release) 1.6.0 15
Sun JDK (Windows Production Release) 1.6.0 15
Sun SDK (Linux Production Release) 1.4.2_32
Sun SDK (Solaris Production Release) 1.4.2_32
Avaya Meeting Exchange 5.2 SP1
Sun JRE (Linux Production Release) 1.6.0 15
Sun JDK (Linux Production Release) 1.5.0 20
Sun JDK (Windows Production Release) 1.5.0 20
Sun JDK (Solaris Production Release) 1.5.0 20
Sun JRE (Solaris Production Release) 1.5.0 20
Sun JRE (Windows Production Release) 1.5.0 20
Sun JRE (Linux Production Release) 1.5.0 20
Sun JRE (Linux Production Release) 1.4.2 22
Sun JRE (Windows Production Release) 1.4.2 22
Sun JRE (Solaris Production Release) 1.4.2 22
Sun SDK (Solaris Production Release) 1.4.2 22
Sun SDK (Windows Production Release) 1.4.2 22
Sun SDK (Linux Production Release) 1.4.2 22
Red Hat Enterprise Linux Extras 4
Sun JDK (Linux Production Release) 1.5.0 0 10
Sun JDK (Windows Production Release) 1.6.0 20
Sun SDK (Windows Production Release) 1.4.2_32
Sun SDK (Windows Production Release) 1.4.2 08
Apple Mac Os X 10.7.2
Mandriva Linux Mandrake 2010.1 X86 64
Mandriva Linux Mandrake 2010.1
Sun JDK (Linux Production Release) 1.6.0_23
Sun JDK (Solaris Production Release) 1.6.0_23
Sun SDK (Linux Production Release) 1.4.2 02
Sun SDK (Linux Production Release) 1.4.2
SuSE SUSE Linux Enterprise Server for VMware 11 SP1
Sun JDK (Windows Production Release) 1.6.0_23
Sun JRE (Linux Production Release) 1.6.0_23
Sun JRE (Linux Production Release) 1.6.0 17
Sun JRE (Linux Production Release) 1.5.0 22
Sun JRE (Linux Production Release) 1.4.2 24
Sun JRE (Solaris Production Release) 1.6.0 17
Sun JRE (Solaris Production Release) 1.5.0 22
Sun JRE (Solaris Production Release) 1.4.2 24
Sun JRE (Windows Production Release) 1.6.0_23
Sun JRE (Windows Production Release) 1.6.0 17
Sun JRE (Windows Production Release) 1.5.0 22
Sun JRE (Solaris Production Release) 1.6.0 12
Oracle JRockit R28.0.0
Sun JDK (Linux Production Release) 1.6.0 17
Sun JDK (Linux Production Release) 1.5.0 22
Sun JDK (Solaris Production Release) 1.6.0 17
Sun JDK (Solaris Production Release) 1.5.0 22
Sun JDK (Windows Production Release) 1.6.0 17
Sun JDK (Windows Production Release) 1.5.0_26
Sun SDK (Linux Production Release) 1.4.2 24
Sun SDK (Solaris Production Release) 1.4.2 24
Sun SDK (Windows Production Release) 1.4.2 24
Avaya Call Management System R 15.0
Sun SDK (Solaris Production Release) 1.4.2 20
Sun JRE (Solaris Production Release) 1.6.0_23
IBM JAVA IBM 31-bit SDK for z/OS 5.0
Sun JDK (Linux Production Release) 1.5.0_29
Avaya Call Management System R 16.0
Avaya Aura Messaging 6.1

APP:REAL:RMP-FILE-OF - APP: RealNetworks RealPlayer RMP File Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

bugtraq: 64398
cve: CVE-2013-6877

Affected Products:

realnetworks realplayer 16.0.3.51
realnetworks realplayer 16.0.2.32

HTTP:STC:IE:CVE-2014-6345-INFO - HTTP: Microsoft Internet Explorer CVE-2014-6345 Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Explorer. A successful attack can lead to Information Disclosure.

Supported On:

References:

cve: CVE-2014-6345

Affected Products:

microsoft internet_explorer 9
microsoft internet_explorer 10

SPYWARE:KL:WINVESTIGATOR - SPYWARE: Winvestigator

Severity: HIGH

Description:

This signature detects the runtime behavior of the spyware Winvestigator. Winvestigator is a Windows keylogger. It records every keystroke, applications used, Web site visited, and usernames and passwords. It also makes screen captures and sends out the log files to a predefined e-mail address at a predefined interval.

Supported On:

References:

SMTP:IBM-LOTUS-INT-OVERFLOW - SMTP: IBM Lotus Domino BMP Parsing Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Domino. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.

Supported On:

References:

cve: CVE-2015-1902

Affected Products:

ibm domino 8.5.3
ibm domino 9.0.1
ibm domino 8.5.2
ibm domino 9.0.0
ibm domino 8.5.1
ibm domino 8.5.0

HTTP:STC:DL:OTF-FONT-INT - HTTP: Embedded Malformed OpenType Font Engine Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the OpenType Font Engine. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2010-1883
bugtraq: 43775

Affected Products:

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for Itanium-based Systems
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista SP2
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Server 2008 Standard Edition X64
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2003 Sp2 Datacenter
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 Standard Edition - Gold Web
Microsoft Windows Server 2008 Standard Edition - Gold Standard
Microsoft Windows 7 XP Mode
Avaya Messaging Application Server MM 1.1
Microsoft Windows Server 2008 Standard Edition - Gold Itanium
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Server 2003 Sp2 Storage
Avaya Aura Conferencing 6.0 Standard
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Standard Edition SP2
Avaya Messaging Application Server
Microsoft Windows Server 2008 Standard Edition - Gold Datacenter
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Microsoft Windows Server 2008 Standard Edition - Gold
Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Professional SP3
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Home SP3
Avaya Communication Server 1000 Telephony Manager
Avaya CallPilot
Avaya Aura Conferencing Standard
Microsoft Windows Server 2008 Standard Edition - Gold Storage
Microsoft Windows Server 2008 Standard Edition - Sp2 Web
Microsoft Windows 7 RC
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows XP Embedded SP3
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Microsoft Windows Server 2003 Sp2 Enterprise
Microsoft Windows Server 2003 SP2
Avaya Messaging Application Server MM 2.0
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Server 2008 Standard Edition - Sp2 Storage
Microsoft Windows Vista SP1
Microsoft Windows 7 Home Premium
Microsoft Windows 7 Starter
Microsoft Windows 7 Professional
Microsoft Windows 7 Ultimate
Microsoft Windows Server 2008 Standard Edition - Gold Hpc
Microsoft Windows Server 2003 Sp2 Compute Cluster
Microsoft Windows 7 Beta
Microsoft Windows Server 2008 Standard Edition Itanium
Microsoft Windows Server 2008 Standard Edition - Gold Enterprise
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems

HTTP:STC:DL:VLC-XSPF-MEM - HTTP: VideoLAN VLC Media Player XSPF Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in VideoLAN VLC Media Player. It is due to an integer-overflow error in the XSPF playlist file parser. An attacker can entice the target user to open a crafted XSPF file to exploit this. A successful attack can lead to arbitrary code execution within the context of the application.

Supported On:

References:

cve: CVE-2008-4558
bugtraq: 31758

Affected Products:

VideoLAN VLC media player 0.9.2

HTTP:STC:ACTIVEX:MSCOMCTL-OCX - HTTP: Microsoft Windows Common Control 'MSCOMCTL.OCX' Unsafe ActiveX Control

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the Microsoft Windows Common ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page or sending a malicious RTF document. Visiting the website with a vulnerable version of Internet Explorer, or opening the RTF document with Office or Wordpad could result in arbitrary code execution.

Supported On:

srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, idp-5.1.110160603, isg-3.5.141455, idp-5.1.110151117, isg-3.5.141597, srx-11.4

References:

cve: CVE-2012-0158
bugtraq: 52911

Affected Products:

Microsoft SQL Server 2000 SP3
Microsoft Visual FoxPro 9.0 SP1
Microsoft Visual FoxPro 8.0
Microsoft SQL Server 2000 SP1
Microsoft SQL Server 2000 SP4
Microsoft Office 2003 SP2
Microsoft Visual FoxPro 8.0 SP1
Microsoft Office 2007 SP2
Microsoft Visual FoxPro 9.0 SP2
Microsoft Office 2010 (32-bit edition)
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Express Edition SP2
Microsoft BizTalk Server 2002 SP1
Microsoft Commerce Server 2002 SP3
Microsoft Commerce Server 2002 SP4
Microsoft Commerce Server 2007 SP1
Microsoft Commerce Server 2007 SP2
Microsoft Commerce Server 2009
Microsoft Commerce Server 2009 R2
Microsoft Visual Basic 6.0
Microsoft SQL Server 2005 Itanium Edition
Microsoft SQL Server 2005 Itanium Edition SP4
Microsoft SQL Server 2005 Express Edition SP3
Microsoft SQL Server 2005 Express Edition SP4
Microsoft SQL Server 2005 Itanium Edition SP3
Microsoft SQL Server 2005 x64 Edition SP3
Microsoft SQL Server 2008 itanium SP1
Microsoft SQL Server 2008 x64 SP2
Microsoft SQL Server 2008 32-bit SP2
Microsoft SQL Server 2008 itanium SP2
Microsoft SQL Server 2008 itanium R2
Microsoft Office 2003 SP1
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2005 x64 Edition SP4
Microsoft SQL Server 2008 32-bit R2
Microsoft SQL Server 2008 32-bit SP3
Microsoft SQL Server 2008 itanium SP3
Microsoft SQL Server 2008 x64 SP3
Microsoft SQL Server 2008 R2 SP1
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft Office 2007 SP1
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2008
Microsoft Commerce Server 2002 SP1
Microsoft Commerce Server 2002 SP2
Microsoft SQL Server 2005 Express Edition SP1
Microsoft Office 2010 (32-bit edition) SP1
Microsoft Office 2003 Web Components SP3
Microsoft Office 2003 SP3
Microsoft SQL Server 2008 R2
Microsoft Office 2010
Microsoft SQL Server 2000
Microsoft Commerce Server 2007
Microsoft Visual Basic 6.0 Runtime Extended Files

HTTP:STC:DL:MAL-HLP-CHM - HTTP: Malformed Microsoft HLP/CHM File

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Help file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

References:

cve: CVE-2006-1591
bugtraq: 17325
cve: CVE-2006-2297
bugtraq: 17926

Affected Products:

Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Tablet PC Edition
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Professional SP2
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Advanced Server
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows XP Home SP1
Microsoft Windows XP Professional SP1
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows XP Professional
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Media Center Edition SP1

SMTP:EXCHANGE:CALENDAR-HEAP - SMTP: Microsoft Exchange Calendar Request Heap Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Exchange Information Store service while processing Outlook calendar requests. Attackers can overwrite the heap structure, thereby causing an exception which results in a denial of service on an Exchange server. Typically, the service is not set to restart automatically if it is terminated.

Supported On:

References:

cve: CVE-2006-0027
bugtraq: 17908
url: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1818

Affected Products:

Microsoft Exchange Server 2003 SP1
Microsoft Exchange Server 2000 SP1
Microsoft Exchange Server 2000 SP2
Microsoft Exchange Server 2000
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 SP2

HTTP:STC:IE:6.0-FOR-LOOP-DOS - HTTP: Microsoft Internet Explorer Malformed JavaScript for Loop Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2007-0811
bugtraq: 22408

Affected Products:

Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1

HTTP:STC:QT-RTSP-LINK-OF - HTTP: Quicktime RTSP Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple Quicktime. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

References:

cve: CVE-2007-0015
url: http://projects.info-pull.com/moab/MOAB-01-01-2007.html
bugtraq: 21829

Affected Products:

Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.0.4

HTTP:STC:IE:HTML-OBJECTS-MC - HTTP: Microsoft Internet Explorer HTML Objects Variant Memory Corruption

Severity: HIGH

Description:

Supported On:

References:

bugtraq: 30610
cve: CVE-2008-2258

Affected Products:

Microsoft Internet Explorer 6.0
HP Storage Management Appliance 2.1
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 7.0
Nortel Networks Contact Center NCC
Avaya Messaging Application Server
Nortel Networks Self-Service Peri Workstation
Avaya Messaging Application Server MM 3.1
Microsoft Internet Explorer 5.0.1 SP4
Nortel Networks Self-Service MPS 100
Nortel Networks Self-Service MPS 500
Nortel Networks Self-Service MPS 1000
Nortel Networks Self-Service Speech Server
Microsoft Internet Explorer 6.0 SP1
Nortel Networks CallPilot 703T
Nortel Networks CallPilot 702T
Avaya Messaging Application Server MM 1.1
Nortel Networks CallPilot 200I
Nortel Networks Contact Center
Nortel Networks Self-Service
Nortel Networks Contact Center Manager Server
Avaya Messaging Application Server MM 3.0
Nortel Networks Self-Service Peri Application
Nortel Networks CallPilot 1002Rp
Nortel Networks Contact Center Express
Nortel Networks Contact Center Manager
Microsoft Internet Explorer 5.0.1 SP2
Avaya Messaging Application Server MM 2.0
Nortel Networks CallPilot 201I
Nortel Networks Contact Center Administration
Nortel Networks Enterprise VoIP TM-CS1000
HP Storage Management Appliance I
HP Storage Management Appliance II
HP Storage Management Appliance III
Nortel Networks Self-Service Media Processing Server
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP3

SMTP:EMAIL:IBM-LOTUS-NTS-WPD-BO - SMTP: IBM Lotus Notes WPD Attachment Handling Buffer Overflow

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2008-4564
bugtraq: 34086

Affected Products:

Symantec Enforce 8.0
Symantec Mail Security Appliance 5.0.0
Symantec Enforce 7.0
Symantec Enforce for Linux 8.1
IBM Lotus Notes 6.0.3
Symantec Enforce for Windows 8.1
IBM Lotus Notes 6.0.2
Symantec Data Loss Prevention Endpoint Agents 8.0
IBM Lotus Notes 7.0.2
Symantec Data Loss Prevention Endpoint Agents 8.1
Symantec Mail Security for SMTP 5.0
Symantec Mail Security Appliance 5.0.0-36
IBM Lotus Notes 6.5.0
IBM Lotus Notes 6.0.4
IBM Lotus Notes 6.5.2
Symantec Mail Security for SMTP 5.0.1 Patch 181
IBM Lotus Notes 7.0.3
IBM Lotus Notes 6.5.6 FP2
Symantec Mail Security for Microsoft Exchange 6.0.7
IBM Lotus Notes 6.0.0
IBM Lotus Notes 6.0.1
Symantec Mail Security Appliance 5.0.0.24
IBM Lotus Notes 6.5.6
IBM Lotus Notes 7.0.1
IBM Lotus Notes 5.0.12
Autonomy Keyview Viewer SDK 10.4.0
IBM Lotus Notes 5.0.3
Symantec Mail Security for SMTP 5.0.1 Patch 189
Autonomy Keyview Viewer SDK 10
Autonomy Keyview Filter SDK 10
Autonomy Keyview Export SDK 10
IBM Lotus Notes 6.5.5
Autonomy Keyview Export SDK 10.4.0
Autonomy Keyview Export SDK 10.3.0
Autonomy Keyview Filter SDK 10.3.0
Autonomy Keyview Filter SDK 10.4.0
Autonomy Keyview Viewer SDK 10.3.0
IBM Lotus Notes 7.0
Symantec BrightMail Appliance 5.0
IBM Lotus Notes 6.0.5
Symantec Data Loss Prevention Detection Servers 7.0
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.4
Symantec Mail Security for Domino 7.5.5.32
Symantec Mail Security for Domino 7.5.4.29
Symantec Mail Security for Microsoft Exchange 5.0.11
Symantec Mail Security for Microsoft Exchange 5.0.10
Symantec Mail Security for Microsoft Exchange 6.0.6
IBM Lotus Notes 6.5.5 FP3
IBM Lotus Notes 7.0.2 FP1
IBM Lotus Notes 8.0
IBM Lotus Notes 6.5.5 FP2
Symantec Mail Security for Domino 7.5.3.25
Symantec Mail Security for SMTP 5.0.1
IBM Lotus Notes 6.5.1
Symantec Mail Security for SMTP 5.0.1 Patch 182
Symantec Mail Security for SMTP 5.0.1 Patch 200
Symantec Data Loss Prevention Detection Servers 8.0
Symantec Data Loss Prevention Detection Servers for Linux 8.1
Symantec Data Loss Prevention Detection Servers for Windows 8.1

HTTP:STC:DL:MPLAYER-SAMI - HTTP: MPlayer SAMI Subtitle sub_read_line_sami Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in MPlayer. Specifically, the vulnerability is due a stack buffer overflow when reading a long caption from a SAMI subtitle file. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to download a crafted SAMI file, resulting in the execution of arbitrary code in the security context of the target user.

Supported On:

HTTP:STC:MOZILLA:XUL-NULL-MENU - HTTP: Mozilla Firefox XUL NULL Menu Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2007-0775
bugtraq: 22694

Affected Products:

Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server
Sun Solaris 10 Sparc
Red Hat Enterprise Linux Desktop 5 Client
Ubuntu Ubuntu Linux 6.06 LTS Powerpc
Red Hat Enterprise Linux Optional Productivity Application 5 Server
Ubuntu Ubuntu Linux 6.06 LTS Amd64
Red Hat Fedora Core6
Mozilla Thunderbird 0.9.0
Mozilla Firefox 2.0 Beta 1
Slackware Linux 10.2.0
Sun Java System Application Server Enterprise Edition 8.1.0 2005Q1RHEL2.1/RHEL3
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
Mozilla Thunderbird 1.0.5
Mozilla Firefox 1.0.2
SuSE UnitedLinux 1.0.0
SuSE SuSE Linux School Server for i386
Mozilla Firefox 2.0.0.10
Ubuntu Ubuntu Linux 6.10 Amd64
Ubuntu Ubuntu Linux 6.10 I386
Ubuntu Ubuntu Linux 6.10 Powerpc
Mozilla Firefox 1.5.0
Turbolinux Turbolinux Server 10.0.0 X64
Mozilla Camino 0.7.0 .0
Mozilla Camino 1.0.3
Mozilla Camino 0.8.0
Red Hat Desktop 4.0.0
SuSE SUSE Linux Enterprise Server 8
Mozilla Thunderbird 1.5.0
Slackware Linux 11.0
Mozilla SeaMonkey 1.0.99
Mozilla Firefox 1.5.0.7
Turbolinux wizpy
Mozilla Thunderbird 1.5.0.4
Mandriva Corporate Server 4.0.0 X86 64
Mozilla Thunderbird 1.0.7
Ubuntu Ubuntu Linux 6.06 LTS I386
Turbolinux 10 F...
Sun Solaris 9 Sparc
SuSE openSUSE 10.2
Avaya Interactive Response 2.0
Mozilla Camino 1.0.1
SuSE Open-Enterprise-Server
Mozilla Thunderbird 1.5.0.5
Mozilla Firefox 1.5.0.5
Mozilla SeaMonkey 1.0.3
Mozilla Firefox 0.10.1
Mozilla Thunderbird 1.0.0
Turbolinux Multimedia
Turbolinux Personal
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.0
Mozilla Thunderbird 0.8.0
Mozilla Firefox 2.0 RC2
Mozilla Firefox 2.0 RC3
Mozilla Thunderbird 1.5.0.8
Mozilla SeaMonkey 1.0.6
Mozilla Firefox 1.5.0 Beta 2
Mozilla Firefox 1.0.8
Debian Linux 3.1.0 Amd64
HP HP-UX B.11.11
Debian Linux 3.1.0 Alpha
Debian Linux 3.1.0 Arm
Debian Linux 3.1.0 Hppa
Debian Linux 3.1.0 Ia-32
Debian Linux 3.1.0 Ia-64
Debian Linux 3.1.0 M68k
Debian Linux 3.1.0 Mips
Debian Linux 3.1.0 Mipsel
Debian Linux 3.1.0 Ppc
Debian Linux 3.1.0 S/390
Debian Linux 3.1.0 Sparc
Mozilla Firefox 0.10.0
Turbolinux Home
Mozilla Firefox 1.5.0 Beta 1
SuSE SUSE Linux Enterprise Server 9 SP3
Mozilla Firefox 1.0.1
Sun Java System Web Server 6.1
Mozilla Thunderbird 1.0.6
Mandriva Linux Mandrake 2007.0 X86 64
SuSE Novell Linux POS 9
Sun Solaris 10 X86
Pardus Linux 2007.1
Red Hat Fedora Core5
Mozilla Thunderbird 1.0.1
rPath rPath Linux 1
Mozilla Firefox 1.5.0.3
Turbolinux Turbolinux Server 10.0.0 X86
Turbolinux FUJI
Mozilla SeaMonkey 1.0.2
Mozilla Firefox 1.5.0.4
Turbolinux Turbolinux Desktop 10.0.0
Mozilla Camino 1.0
SuSE SuSE Linux Openexchange Server 4.0.0
SuSE SUSE LINUX Retail Solution 8.0.0
SuSE SuSE Linux Standard Server 8.0.0
Mozilla Firefox 1.5.0.6
Mozilla SeaMonkey 1.0.7
Sun Java System Application Server Platform Edition 8.1.0 2005 Q1
Mandriva Corporate Server 4.0
Mandriva Linux Mandrake 2007.0
Red Hat Enterprise Linux Desktop Workstation 5 Client
Red Hat Enterprise Linux 5 Server
SuSE Linux 9.3
Mandriva Corporate Server 3.0.0
HP HP-UX B.11.23
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.6.0
SuSE Linux 10.0
Mozilla Camino 0.8.3
Gentoo Linux
Mozilla Firefox 2.0
SGI ProPack 3.0.0 SP6
Mozilla Firefox 0.9.2
Mozilla Thunderbird 0.7.2
Mozilla Camino 1.0.2
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.2
Turbolinux Turbolinux Server 10.0.0
Mozilla Thunderbird 1.5.0.2
Mozilla Thunderbird 1.5.0.1
Mozilla Thunderbird 1.0.8
Mozilla SeaMonkey 1.0.1
Mozilla Firefox 1.5.0.1
Mozilla SeaMonkey 1.0
Mozilla SeaMonkey 1.0 Dev
Novell Linux Desktop 9
Mozilla Firefox 0.9.0
Mozilla Firefox 0.9.1
Sun Java Enterprise System 2003Q4
Sun Java Enterprise System 2004Q2
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Avaya Messaging Storage Server MM3.0
SuSE Linux 10.1
Mozilla Thunderbird 1.5.0 Beta 2
Ubuntu Ubuntu Linux 5.10.0 Amd64
Ubuntu Ubuntu Linux 5.10.0 I386
Ubuntu Ubuntu Linux 5.10.0 Powerpc
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
Debian Linux 3.1.0
Mozilla SeaMonkey 1.0.5
Ubuntu Ubuntu Linux 6.10 Sparc
Sun Java Web Proxy Server 4.0
Sun Java Enterprise System 2005Q4
Mozilla Firefox 1.0.5
Mozilla Thunderbird 1.5.0.7
Sun Java Enterprise System 5
Mozilla Thunderbird 0.7.1
Sun Java Enterprise System 2005Q1
Sun Solaris 9 X86
Mozilla Firefox 1.5.0.8
Ubuntu Ubuntu Linux 6.06 LTS Sparc
Ubuntu Ubuntu Linux 5.10.0 Sparc
Mandriva Corporate Server 3.0.0 X86 64
Mozilla Firefox 2.0.0.1
Mozilla Firefox 1.5.0.9
Mozilla Firefox 0.8.0
Mozilla Thunderbird 1.5.0.9
Turbolinux FUJI
Mozilla Camino 1.5
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.0 Rc
Mozilla Thunderbird 0.7.0
Sun Java System Web Server 7.0
Mozilla Camino 0.8.4
Mozilla Thunderbird 1.0.2

SMTP:MAL:LOTUS-WPD - SMTP: IBM Lotus Notes WPD Attachment Viewer Buffer Overflow

Severity: HIGH

Description:

There exist a buffer overflow vulnerability in IBM Lotus Notes WPD viewer. The vulnerability is due to a boundary error while processing crafted WordPerfect (.wpd) files. A remote attacker could exploit this vulnerability by persuading a target user to open a malicious WPD file in Lotus email attachment. Successful exploitation of this vulnerability may allow arbitrary code injection and execution within the context of the logged in user. In an attack case where code injection is not successful, all instances of the vulnerable IBM Lotus Notes application will terminate. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.

Supported On:

References:

cve: CVE-2007-5544
bugtraq: 26175

Affected Products:

Symantec Mail Security Appliance 5.0.0
ActivePDF DocConverter 3.8.2.5
Symantec Mail Security for Microsoft Exchange 5.0.0
IBM Lotus Notes 7.0.2
Symantec Mail Security for SMTP 5.0
Symantec Mail Security for Domino 7.5.0.19
Symantec Mail Security for Microsoft Exchange 5.0.7.373
Symantec Mail Security Appliance 5.0.0.24
Autonomy Keyview Export SDK 7
Autonomy Keyview Export SDK 8
Autonomy Keyview Export SDK 9
Autonomy Keyview Filter SDK 9
Autonomy Keyview Filter SDK 8
Autonomy Keyview Filter SDK 7
Autonomy Keyview Viewer SDK 7
Autonomy Keyview Viewer SDK 8
Autonomy Keyview Viewer SDK 9
Symantec Mail Security for Microsoft Exchange 5.0.0.024
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for Domino 7.5
Symantec Mail Security for Microsoft Exchange 5.0.6.368

SMTP:MAL:LOTUS-MIF-VIEWER - SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes MIF Attachment Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

References:

bugtraq: 26175

Affected Products:

Symantec Mail Security Appliance 5.0.0
ActivePDF DocConverter 3.8.2.5
Symantec Mail Security for Microsoft Exchange 5.0.0
IBM Lotus Notes 7.0.2
Symantec Mail Security for SMTP 5.0
Symantec Mail Security for Domino 7.5.0.19
Symantec Mail Security for Microsoft Exchange 5.0.7.373
Symantec Mail Security Appliance 5.0.0.24
Autonomy Keyview Export SDK 7
Autonomy Keyview Export SDK 8
Autonomy Keyview Export SDK 9
Autonomy Keyview Filter SDK 9
Autonomy Keyview Filter SDK 8
Autonomy Keyview Filter SDK 7
Autonomy Keyview Viewer SDK 7
Autonomy Keyview Viewer SDK 8
Autonomy Keyview Viewer SDK 9
Symantec Mail Security for Microsoft Exchange 5.0.0.024
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for Domino 7.5
Symantec Mail Security for Microsoft Exchange 5.0.6.368

APP:CLAMAV-UPX-OF-SMTP - APP: ClamAV UPX File Handling Heap Overflow (SMTP)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability agains Clam Anti-Virus. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2006-4018

Affected Products:

SuSE Linux Personal 9.3.0
SuSE Linux Personal 10.1
SuSE Linux Professional 10.1
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Server 9
SuSE Linux Personal 9.2.0
SuSE Linux Professional 9.2.0
SuSE Linux Professional 9.3.0
SuSE Linux Professional 9.3.0 X86 64
SuSE Linux Professional 9.2.0 X86 64
Trustix Secure Linux 2.2.0
Mandriva Corporate Server 3.0.0
Trustix Secure Linux 3.0.0
SuSE Linux Personal 9.2.0 X86 64
Clam Anti-Virus ClamAV 0.88.2
SuSE Linux Professional 10.0.0 OSS
SuSE Linux Personal 10.0.0 OSS
Mandriva Linux Mandrake 2006.0.0
Mandriva Linux Mandrake 2006.0.0 X86 64
Mandriva Corporate Server 3.0.0 X86 64
Debian Linux 3.1.0
Clam Anti-Virus ClamAV 0.88.3
SuSE Linux Personal 9.3.0 X86 64
Gentoo Linux
SuSE Linux Professional 10.0.0

HTTP:STC:IE:UNISCRIBE-FNPS-MC - HTTP: Microsoft Uniscribe Font Parsing Engine Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the Microsoft Uniscribe Font Parser. Attackers can corrupt memory on the victim's computer resulting in remote command execution.

Supported On:

References:

cve: CVE-2010-2738
bugtraq: 43068

Affected Products:

Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Office 2007 SP2
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista SP2
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Microsoft Windows Vista
Microsoft Windows Server 2003 x64 SP2
Microsoft Office XP SP3
Microsoft Windows Server 2008 Standard Edition Itanium
Microsoft Office 2003 SP3
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista SP1
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya CallPilot Unified Messaging
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Microsoft Windows Server 2003 SP2
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional SP3
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Home SP3
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Server 2008 Datacenter Edition
Avaya Aura Conferencing 6.0 Standard
Avaya Messaging Application Server
Microsoft Windows Server 2008 Enterprise Edition
Avaya Meeting Exchange - Webportal
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2008 Standard Edition X64
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems
Avaya Messaging Application Server MM 2.0
Microsoft Windows Server 2003 Standard Edition SP2

SMTP:NOVELL-GROUPWISE-BO - SMTP: Novell GroupWise Internet Agent Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell GroupWise Internet Agent. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2011-2663

Affected Products:

novell groupwise 8.0 (hp1)
novell groupwise 8.0 (hp2)

HTTP:STC:CSS-STATUS-BAR-SPOOF - HTTP: Multiple Browsers CSS Status Bar Spoof

Severity: MEDIUM

Description:

This signature detects attempts to exploit known flaws in several common HTTP browsers, including Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Apple Safari. Attackers can craft a web page using Cascading Style Sheets (CSS) to include links that indicate via the Status Bar that clicking on them would take you to one site, but instead take you to a different site. Attackers can use this to enhance the credibility of phishing attacks to entice a user to go to what they think is a trusted site but is instead a malicious site.

Supported On:

References:

bugtraq: 47547
url: http://xeyeteam.appspot.com/2011/04/15/IE-Chrome-Firefox-Status-Bar-Spoofing-Vulnerability.html
url: http://www.microsoft.com/windows/ie/default.mspx
bugtraq: 47548
bugtraq: 47549

Affected Products:

Microsoft Internet Explorer 9