ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35691
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability
Threat Level: Severe
Signature Description: The Chilkat socket library provides a high-level, easy-to-use API for TCP/IP socket
programming. It supports creating secure channels with SSL 2.0, SSL 3.0, and TLS 1.0. Both client-side and server-side
SSL/TLS are supported, including the use and verification of digital certificates. ChilkatSocket.dll version 2.3.1.1 is
vulnerable to a data manipulation error. The vulnerability is caused by the Chilkat Socket ActiveX component
(ChilkatSocket.dll) containing the insecure "SaveLastError()" method. A remote attacker can overwrite and corrupt
arbitrary files on the system in the context of the currently logged-on user. No remedy is available as of November 20,
2008; as a workaround, the user can set the kill bit for CLSID 474FCCCD-1B89-4D34-9E09-45807F23289C to resolve this issue.
Signature ID: 35692
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability
Threat Level: Severe
Signature Description: The Chilkat socket library provides a high-level, easy-to-use API for TCP/IP socket
programming. It supports creating secure channels with SSL 2.0, SSL 3.0, and TLS 1.0. Both client-side and server-side
SSL/TLS are supported, including the use and verification of digital certificates. ChilkatSocket.dll version 2.3.1.1 is
vulnerable to a data manipulation error. The vulnerability is caused by the Chilkat Socket ActiveX component
(ChilkatSocket.dll) containing the insecure "SaveLastError()" method. By persuading the victim to visit a specially
crafted web page containing hex-encoded shellcode data, a remote attacker can overwrite and corrupt arbitrary files on
the system in the context of the currently logged-on user. No remedy is available as of November 20, 2008; as a
workaround, the user can set the kill bit for CLSID 474FCCCD-1B89-4D34-9E09-45807F23289C to resolve this issue.
Signature ID: 35693
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability
Threat Level: Severe
Signature Description: The Chilkat socket library provides a high-level, easy-to-use API for TCP/IP socket
programming. It supports creating secure channels with SSL 2.0, SSL 3.0, and TLS 1.0. Both client-side and server-side
SSL/TLS are supported, including the use and verification of digital certificates. ChilkatSocket.dll version 2.3.1.1 is
vulnerable to a data manipulation error. The vulnerability is caused by the Chilkat Socket ActiveX component
(ChilkatSocket.dll) containing the insecure "SaveLastError()" method. By persuading the victim to visit a specially
crafted web page containing %u-encoded data, a remote attacker can overwrite and corrupt arbitrary files on the system
in the context of the currently logged-on user. No remedy is available as of November 20, 2008; as a workaround, the
user can set the kill bit for CLSID 474FCCCD-1B89-4D34-9E09-45807F23289C to resolve this issue.
Signature ID: 35694
Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability
Threat Level: Severe
Signature Description: The Chilkat socket library provides a high-level, easy-to-use API for TCP/IP socket
programming. It supports creating secure channels with SSL 2.0, SSL 3.0, and TLS 1.0. Both client-side and server-side
SSL/TLS are supported, including the use and verification of digital certificates. ChilkatSocket.dll version 2.3.1.1 is
vulnerable to a data manipulation error. The vulnerability is caused by the Chilkat Socket ActiveX component
(ChilkatSocket.dll) containing the insecure "SaveLastError()" method. By persuading the victim to visit a specially
crafted web page containing UTF-16 encoded exploit data, a remote attacker can overwrite and corrupt arbitrary files
on the system in the context of the currently logged-on user. No remedy is available as of November 20, 2008; as a
workaround, the user can set the kill bit for CLSID 474FCCCD-1B89-4D34-9E09-45807F23289C to resolve this issue.