TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1028
Signature ID: 36418
MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow
Threat Level: Severe
Industry ID: CVE-2009-0298 Bugtraq: 33451
Signature Description: Barcode Activex has rich set of features to embed the Barcode representation on the Microsoft
products.This Barcode ActiveX Control can be embedded seamlessly into Microsoft Office Products like MS Access,
Excel, Word, and Development products like Visual Basic, development environments, programming languages, web
applications and report generators. Especially Office, VB and VBA developers benefit from the convenient and
powerful programming options. This activex SUPPLEMENT method suffers from the Buffer overflow attack. The
remote attacker can exploit this issue by enticing the users to visit malicious web pages. The successful remote attacker
can execute arbitrary code in the context of the application using the vulnerable activex. No Remedy available. User
can set the killbit to the vulnerable activex and contain %u encoded data in the http response. <br>
Signature ID: 36419
MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow
Threat Level: Severe
Industry ID: CVE-2009-0298 Bugtraq: 33451
Signature Description: Barcode Activex has rich set of features to embed the Barcode representation on the Microsoft
products.This Barcode ActiveX Control can be embedded seamlessly into Microsoft Office Products like MS Access,
Excel, Word, and Development products like Visual Basic, development environments, programming languages, web
applications and report generators. Especially Office, VB and VBA developers benefit from the convenient and
powerful programming options. This activex SUPPLEMENT method suffers from the Buffer overflow attack. The
remote attacker can exploit this issue by enticing the users to visit malicious web pages. The successful remote attacker
can execute arbitrary code in the context of the application using the vulnerable activex. No Remedy available. User
can set the killbit to the vulnerable activex. By persuading a victim to visit a malicious Web page, containing UTF-16
encoded data
Signature ID: 36420
MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow
Threat Level: Warning
Industry ID: CVE-2009-0298
Bugtraq: 33451
Signature Description: Barcode Activex has rich set of features to embed the Barcode representation on the Microsoft
products.This Barcode ActiveX Control can be embedded seamlessly into Microsoft Office Products like MS Access,
Excel, Word, and Development products like Visual Basic, development environments, programming languages, web
applications and report generators. Especially Office, VB and VBA developers benefit from the convenient and
powerful programming options. This activex SUPPLEMENT method suffers from the Buffer overflow attack. The
remote attacker can exploit this issue by enticing the users to visit malicious web pages. The successful remote attacker
can execute arbitrary code in the context of the application using the vulnerable activex. No Remedy available. User
can set the killbit to the vulnerable activex.User can set killbit to the clsid corresponding to the progid
BARCODELib.MW6Barcode to resolve this issue. This rule hits when http response contains vulnerable activex with
VBScript or Javascript.
Signature ID: 36421
MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow
Threat Level: Severe
Industry ID: CVE-2009-0298
Bugtraq: 33451
Signature Description: Barcode Activex has rich set of features to embed the Barcode representation on the Microsoft
products.This Barcode ActiveX Control can be embedded seamlessly into Microsoft Office Products like MS Access,
Excel, Word, and Development products like Visual Basic, development environments, programming languages, web