TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
218
Signature ID: 1513
Internet explorer WebViewFolderIcon ActiveX Code Execution Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2006-3730 Bugtraq: 19030
Signature Description: Microsoft Internet Explorer is the most widely used World Wide Web browser. It is developed
by Microsoft. Microsoft Internet Explorer (Microsoft Internet Explorer version 6 on Windows XP SP2) is a integer
underflow vulnerability. Microsoft WebViewFolderIcon object is an ActiveX control is provided by the file webvw.dll.
By passing a malformed WebViewFolderIcon ActiveX Object(webvw.dll) with an invalid argument to the "setslice()"
method, a remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system or cause the
victim's browser to crash. Apply the updates listed in Microsoft Security Bulletin MS06-057 or set the kill bit for
CLSID 844F4806-E8A8-11d2-9652-00C04FC30871
Signature ID: 1514
Internet explorer WebViewFolderIcon ActiveX Code Execution Vulnerability(2)
Threat Level: Warning
Industry ID: CVE-2006-3730 Bugtraq: 19030
Signature Description: Microsoft Internet Explorer is the most widely used World Wide Web browser. It is developed
by Microsoft. Microsoft Internet Explorer (Microsoft Internet Explorer version 6 on Windows XP SP2) is a integer
underflow vulnerability. Microsoft WebViewFolderIcon object is an ActiveX control is provided by the file webvw.dll.
By passing a malformed WebViewFolderIcon ActiveX Object(webvw.dll) with an invalid argument to the "setslice()"
method, a remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system or cause the
victim's browser to crash. Apply the updates listed in Microsoft Security Bulletin MS06-057 or set the kill bit for
CLSID E5DF9D10-3B52-11D1-83E8-00A0C90DC849.
Signature ID: 1521
Cisco IOS Software HTTP Request Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0984 Bugtraq: 1838
Signature Description: Cisco IOS is the operating system used on a vast majority of Cisco Systems routers and all
current Cisco network switches. The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial
of service (crash and reload) via a URL containing a "?/" string. The device will enter an infinite loop when supplied
with a URL containing a "?/" and an enable password. Subsequently, the router will crash in two minutes after the
watchdog timer has expired and will then reload. In certain cases, the device will not reload and a restart would be
required.
Signature ID: 1525
Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution
Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5745 Bugtraq: 20915
Signature Description: Microsoft XML Core Services (MSXML) allow developers who use applications such as
JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio to create XML-based applications.
MSXML includes the XMLHTTP ActiveX control, which allows web pages to transmit or receive XML data via
HTTP operations. The XMLHTTP 4.0 ActiveX control contains an unspecified memory corruption vulnerability. By
persuade the victim to visit a Web page containing %u encoded malicious data attacker can execute arbitrary code in
victim machine. Apply the available patch provided by vendor or alternately user can set a kill bit to the clsids
88d969c5-f192-11d4-a65f-0040963251e5 and 88d96a0a-f192-11d4-a65f-0040963251e5