TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1008
Signature ID: 35811
MW6 Aztec ActiveX (Aztec.dll) Remote Insecure Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-4923 Bugtraq: 31974
Signature Description: Aztec ActiveX is a powerful ATL-based control for handling Aztec 2D barcode and can be
used in any ActiveX-compliant environment such as Word, Access, Excel, VB.NET, C#.NET, Visual Basic, Visual
C++, Visual FoxPro, Delphi or C++ builder. Aztec ActiveX version 3.0.0.1 is vulnerable to remote file manipulation.
The vulnerability is caused due to the presents of insecure methods SaveBarCode() or SaveEnhWMF() presents in
Aztec.dll file. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this
vulnerability using the insecure methods to overwrite or corrupt arbitrary files on the system. Successful exploits will
compromise affected computers and will aid in further attacks. No patch details available alternately user can set killbit
to the clsid corresponding to the progid AZTECLib.MW6Aztec to resolve this issue.
Signature ID: 35812
MW6 Barcode ActiveX (Barcode.dll) Insecure Method Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-4924 Bugtraq: 31979
Signature Description: Mw6 barcode ActiveX is a powerful ATL-based control for creating high quality, device
independent barcode without requiring special fonts or bitmaps installed. It can be used in any ActiveX-compliant
environment such as Word, Access, Excel, VB.NET , C#.NET , Visual Basic, Visual C++, Visual FoxPro, Delphi or
C++ Builder. MW6 Technologies Barcode ActiveX 3.0.0.1 is vulnerable to remote file manipulation. The vulnerability
is caused due to the presents of insecure methods SaveBarCode() or SaveEnhWMF() presents in Barcode.dll file. By
persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability using the
insecure methods to overwrite or corrupt arbitrary files on the system. Successful exploits will compromise affected
computers and will aid in further attacks. No patch details available alternately user can set killbit to the clsid
14D09688-CFA7-11D5-995A-005004CE563B to resolve this issue.
Signature ID: 35813
MW6 Barcode ActiveX (Barcode.dll) Insecure Method Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-4924
Bugtraq: 31979
Signature Description: Mw6 barcode ActiveX is a powerful ATL-based control for creating high quality, device
independent barcode without requiring special fonts or bitmaps installed. It can be used in any ActiveX-compliant
environment such as Word, Access, Excel, VB.NET , C#.NET , Visual Basic, Visual C++, Visual FoxPro, Delphi or
C++ Builder. MW6 Technologies Barcode ActiveX 3.0.0.1 is vulnerable to remote file manipulation. The vulnerability
is caused due to the presents of insecure methods SaveBarCode() or SaveEnhWMF() presents in Barcode.dll file. By
persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability using the
insecure methods to overwrite or corrupt arbitrary files on the system. Successful exploits will compromise affected
computers and will aid in further attacks. No patch details available alternately user can set killbit to the clsid
corresponding to the progid BARCODELib.MW6Barcode to resolve this issue.
Signature ID: 35814
MW6 DataMatrix ActiveX (DataMatrix.dll) Insecure Method Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-4925
Bugtraq: 31980
Signature Description: DataMatrix ActiveX is a powerful ATL-based control for handling DataMatrix 2D barcode and
can be used in any ActiveX-compliant environment such as Word, Access, Excel, VB.NET, C#.NET, Visual Basic,
Visual C++, Visual FoxPro, Delphi or C++ Builder. MW6 DataMatrix ActiveX control 3.0.0.1 is vulnerable to remote
file manipulation. The vulnerability is caused due to the presents of insecure methods SaveBarCode() or