TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35807
KVIrc 3.4.2 (uri handler) Remote Command Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2951
Bugtraq: 32410
Signature Description: KVIrc is a multi-language, graphical IRC client for Windows, Linux, Unix and Mac OS.
KVIrc can connect to several servers at the same time (optionally with SSL and/or IPv6). KVIrc version 3.4.2 is
vulnerable to remote code execution. The vulnerability is caused by the "parseIrcUrl()" function not
properly sanitizing parts of the URI when building the command for KVIrc's internal script system. This can be
exploited to inject and execute commands for the KVIrc script system by tricking a user into opening a malicious
"irc://" URI. No remedy is available as of 25 November, 2008 to resolve this issue.
Signature ID: 35808
Exodus URI Handler Command Line Parameter Injection Vulnerability
Threat Level: Severe
Bugtraq: 32330
Signature Description: Exodus is a free software instant messaging client developed in Delphi that can connect to
Jabber servers and exchange messages with other Jabber users. Currently, binaries are only available for Microsoft
Windows. Exodus version 0.10 is vulnerable to URI handler command-line parameter injection. The
vulnerability is caused by the application trusting arguments received via "im://", "pres://", and "xmpp://" URIs.
This can be exploited to overwrite arbitrary files on the system by tricking a user into following a specially crafted
URI. Successfully exploiting this issue allows remote attackers to influence command options that can be called
through the vulnerable protocol handler and to execute commands with the privileges of the user running the application.
Attackers may also be able to leverage this issue to execute arbitrary code with the privileges of the user running the
vulnerable application.
Signature ID: 35809
I.Scribe SMTP Client <= 2.00b (wscanf) Remote Format String Vulnerability
Threat Level: Severe
Signature Description: Scribe is a small and fast email client with an integrated contact database and calendar. It
supports all the major Internet mail protocols and uses international standards where possible. Scribe does not require
installation or uninstallation and can be used from a removable drive without reconfiguration. i.Scribe SMTP Client 2.00b
and earlier versions are vulnerable to denial of service. By sending invalid SMTP response commands, a
user can crash the SMTP client and may cause a denial of service. No patch details are available to resolve this issue, and
the system must be restarted to start the SMTP client.
Signature ID: 35810
MW6 Aztec ActiveX (Aztec.dll) Remote Insecure Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-4923
Bugtraq: 31974
Signature Description: Aztec ActiveX is a powerful ATL-based control for handling Aztec 2D barcodes and can be
used in any ActiveX-compliant environment such as Word, Access, Excel, VB.NET, C#.NET, Visual Basic, Visual
C++, Visual FoxPro, Delphi or C++ Builder. Aztec ActiveX version 3.0.0.1 is vulnerable to remote file manipulation.
The vulnerability is caused by the presence of the insecure methods SaveBarCode() or SaveEnhWMF() in the
Aztec.dll file. By persuading a victim to visit a specially crafted Web page, a remote attacker could exploit this
vulnerability using the insecure methods to overwrite or corrupt arbitrary files on the system. Successful exploits will
compromise affected computers and will aid in further attacks. No patch details are available; alternatively, the user can set the kill bit
for the CLSID BDF3E9D2-5F7A-4F4A-A914-7498C862EA6A to resolve this issue.