TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1013
AAA EasyGrid ActiveX 3.51 containing the insecure "DoSaveFile()" and "DoSaveHtmlFile()" methods. This can be
exploited to corrupt arbitrary files in the context of the currently logged-on user. By persuading a victim to visit a
specially-crafted Web page, a remote attacker could exploit this vulnerability. No remedy available as of January 24,
2009 but alternately user can set killbit to clsid to stop activeX functionality.
Signature ID: 35832
PowerPoint Viewer OCX 3.1 Remote File Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2494 Bugtraq: 23733,33243
Signature Description: PowerPoint Viewer ActiveX Control is one of the leading software in ActiveX for Professional
Windows Developers who need view the powerpoint file within their business application. The Office OCX
PowerPoint Viewer ActiveX control is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a
specially-crafted Web page that passes an overly long argument to the save(), HttpDownloadFile() or OpenWebFile()
method, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's
browser to crash. No remedy is available as of 29th January 2009 to resolve this issue. Alternately user can Set kill-bit
to the clsid to resolve this issue.
Signature ID: 35834
TeamSpeak 'help' Command Directory Traversal Vulnerability
Threat Level: Severe
Bugtraq: 33256
Signature Description: TeamSpeak is a freely available chat server available for various platforms. TeamSpeak Server
version 2.0.23 17 is vulnerable to directory traversal vulnerability. The application is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input submitted through the "help" command. Exploiting the
issue may allow an attacker to obtain sensitive information that could aid in further attacks. No patch details are
available to resolve this issue.
Signature ID: 35835
Web on Windows 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
Threat Level: Severe
Industry ID: CVE-2009-0389 Bugtraq: 33515
Signature Description: The Web On Windows (WOW) control is an ActiveX control that hosts the Microsoft Web
browser control. WOW hooks into the COM interfaces of the Web browser control for the purpose of providing a
custom IDocHostUIHandler callback interface to receive events from the Web browser, and passes them on in the form
of COM events. WinCentric Web On Windows 2 is vulnerable to arbitrary file overwrite vulnerability. The WOW -
Web On Windows ActiveX Control could allow a remote attacker to execute arbitrary code on the system, caused by
the use of the WriteIniFileString() and ShellExecute() insecure methods. A remote attacker could exploit this
vulnerability using unknown vectors to read and write to the registry to upload and execute malicious files on the
system or cause the application to crash. No remedy is available as of 7 February 2009
Signature ID: 35836
ZeroShell 1.0beta11 Remote Code Execution Vulnerability
Threat Level: Severe
Signature Description: ZeroShell is a small Linux distribution for servers and embedded devices. This Linux distro can
be configured and managed with an easy to use web console. ZeroShell 1.0beta11 is vulnerable to remote code
execution vulnerability. The ZeroShell web console uses a CGI program and several bash scripts to provide all
administrative functions. An improper input validation mechanism permits the injection of arbitrary system commands.
An attacker may abuse this weakness in order to compromise the entire system. Authentication is not required in order
to exploit this flaw. The vendor has published a patch for the release 1.0beta11.