TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 1530
WinZip FileView ActiveX Control Unsafe filepattern() Method Exposure Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2006-5198 Bugtraq: 21060
Signature Description: WinZip is a proprietary file archiver and compressor for Microsoft Windows, developed by
WinZip Computing (Nico Mak Computing). WinZip's FileView ActiveX control version 10.0 prior to Build 7245 is
vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially crafted web page that passes the
classid, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the
user or cause the victim's browser to crash. As a workaround, set the kill bit for the affected ActiveX control
A09AE68F-B14D-43ED-B713-BA413F034904.
Signature ID: 1531
Acer LunchApp.APlunch ActiveX Control Run Insecure Method Exposure Vulnerability(1)
Threat Level: Severe
Industry ID: CVE-2006-6121 Bugtraq: 21207
Signature Description: The Acer LunchApp ActiveX control is provided by LunchApp.ocx. Acer laptops could allow a
remote attacker to execute arbitrary commands on the system, caused by the use of the insecure "Run()" method by the
LunchApp.APlunch ActiveX control. A remote attacker could exploit this vulnerability by creating a malicious Web
page and persuading a victim to visit the page. The affected versions are Acer Aspire 5600 and Acer TravelMate 4150.
No remedy available. Users can set the kill bit for the CLSID.
Signature ID: 1532
Acer LunchApp.APlunch ActiveX Control Run Insecure Method Exposure Vulnerability(2)
Threat Level: Severe
Industry ID: CVE-2006-6121 Bugtraq: 21207
Signature Description: The Acer LunchApp ActiveX control is provided by LunchApp.ocx. Acer laptops could allow a
remote attacker to execute arbitrary commands on the system, caused by the use of the insecure "Run()" method by the
LunchApp.APlunch ActiveX control. A remote attacker could exploit this vulnerability by creating a malicious Web
page and persuading a victim to visit the page. The affected versions are Acer Aspire 5600 and Acer TravelMate 4150.
No remedy available. This rule detects the ProgID (LunchApp.APlunch).
Signature ID: 1533
Acer LunchApp.APlunch ActiveX Control Run Insecure Method Exposure Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2006-6121 Bugtraq: 21207
Signature Description: The Acer LunchApp ActiveX control is provided by LunchApp.ocx. Acer laptops could allow a
remote attacker to execute arbitrary commands on the system, caused by the use of the insecure "Run()" method by the
LunchApp.APlunch ActiveX control. A remote attacker could exploit this vulnerability by creating a malicious Web
page and persuading a victim to visit the page. The affected versions are Acer Aspire 5600 and Acer TravelMate 4150.
No remedy available. Users can set the kill bit for the CLSID. This signature detects only the classid.
Signature ID: 1534
Altnet Download Manager Buffer Overflow Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2004-2433 Bugtraq: 11101
Signature Description: This vulnerability is caused by a boundary error within the IsValidFile() method in the
ADM ActiveX control. This can be exploited to cause a stack-based buffer overflow via a malicious web site by
passing an overly long string to the bstrFilepath parameter. The application is included in the file-sharing applications