TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1018
control stores configuration data for the policy setting Microsoft Scriptlet Component. This vulnerability is caused due
to improper bounds checking by the "CollectGarbage" method. By persuading a victim to visit a malicious Web page, a
remote attacker could execute arbitrary code in the context of the application using the ActiveX control (typically
Internet Explorer 7). No remedy available as of Feb 2009, user can set killbit to the clsid AE24FDAE-03C6-11D1-
8B76-0080C744F389 with "mshtml.dll" to resolve this issue.
Signature ID: 35907
MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability
Threat Level: Severe
Industry ID: CVE-2009-0075
Signature Description: This exploit is targeting Internet Explorer 7. The attacker can send maliciously crafted
document to the unsuspecting victims. This word document contains an embedded ActiveX control with classid
AE24FDAE-03C6-11D1-8B76-0080C744F389 in opening, it connects to a website hosting the MS09-002 exploit. This
control stores configuration data for the policy setting Microsoft Scriptlet Component. This vulnerability is caused due
to improper bounds checking by the "CollectGarbage" method. By persuading a victim to visit a malicious Web page
which contain %u encoded data, a remote attacker could execute arbitrary code in the context of the application using
the ActiveX control (typically Internet Explorer 7). No remedy available as of Feb 2009, user can set killbit to the clsid
AE24FDAE-03C6-11D1-8B76-0080C744F389 with "mshtml.dll" to resolve this issue.
Signature ID: 35908
MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability
Threat Level: Warning
Industry ID: CVE-2009-0075
Signature Description: This exploit is targeting Internet Explorer 7. The attacker can send maliciously crafted
document to the unsuspecting victims. This word document contains an embedded ActiveX control with classid
AE24FDAE-03C6-11D1-8B76-0080C744F389 in opening, it connects to a website hosting the MS09-002 exploit. This
control stores configuration data for the policy setting Microsoft Scriptlet Component. This vulnerability is caused due
to improper bounds checking by the "CollectGarbage" method. By persuading a victim to visit a malicious Web page, a
remote attacker could execute arbitrary code in the context of the application using the ActiveX control (typically
Internet Explorer 7). No remedy available as of Feb 2009, user can set killbit to the clsid AE24FDAE-03C6-11D1-
8B76-0080C744F389 with "mshtml.dll" corresponding to the progid ScriptBridge.ScriptBridge.1 to resolve this issue.
Signature ID: 35909
TROJAN AdWare.Win32.MWGuide checkin
Threat Level: Warning
Signature Description: MWGUIDE.EXE is a commercial Monitoring Tool used to monitor and test some specific area
of your PC. For example serial port, usb port monitors, etc. In most cases they are used for legitimate testing but can be
used for spying your system too. It Can communicate with other computer systems using HTTP protocols once after
affected. It executes a Process and adds the affected products to the system registry. It will get Add as a Registry auto
start to load malicious Program on Boot up. The malicious file size is about 237,568 bytes to 774,144 bytes.
Signature ID: 35910
TROJAN AdWare.Win32.MWGuide keepalive
Threat Level: Warning
Signature Description: MWGUIDE.EXE is a commercial Monitoring Tool used to monitor and test some specific area
of your PC. For example serial port, usb port monitors, etc. In most cases they are used for legitimate testing but can be
used for spying your system too. It Can communicate with other computer systems using HTTP protocols once after
affected. It executes a Process and adds the affected products to the system registry. It will get Add as a Registry auto