TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
221
Kazaa and Grokster. Vulnerable to Altnet Download Manager 4.0.0.2 and prior, Altnet Download Manager 4.0.0.4. No
remedy available as of July 6, 2008.
Signature ID: 1535
Altnet Download Manager Buffer Overflow Vulnerability(2)
Threat Level: Severe
Industry ID: CVE-2004-2433 Bugtraq: 11101
Signature Description: This vulnerability is caused due to a boundary error within the IsValidFile() method in the
ADM ActiveX control.This can be exploited to cause a stack-based buffer overflow via a malicious web site by passing
an overly long string to the bstrFilepath parameter.The application is included in the file-sharing applications Kazaa
and Grokster. Vulnerable to Altnet Download Manager 4.0.0.2 and prior, Altnet Download Manager 4.0.0.4. This rule
detects the Progid and method. No remedy available as of July 6, 2008.
Signature ID: 1536
Altnet Download Manager Buffer Overflow Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2004-2433 Bugtraq: 11101
Signature Description: This vulnerability is caused due to a boundary error within the IsValidFile() method in the
ADM ActiveX control. This can be exploited to cause a stack-based buffer overflow via a malicious web site by
passing an overly long string to the bstrFilepath parameter.The application is included in the file-sharing applications
Kazaa and Grokster. Vulnerable to Altnet Download Manager 4.0.0.2 and prior, Altnet Download Manager 4.0.0.4.
This rule detects the Classid. No remedy available as of July 6, 2008.
Signature ID: 1537
Microsoft Internet Explorer ADODB.Connection Execute() Memory Corruption
Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2006-5559 Bugtraq: 20704
Signature Description: Microsoft ActiveX Data Objects (ADO) are objects that expose data raised by an underlying
OLE DB provider. The ADODB.Connection ActiveX control (ADODB.Connection.2.7 and ADODB.Connection.2.8)
are vulnerable to a memory corruption via Execute method. A remote attacker could exploit this vulnerability by
creating a specially-crafted Web page, and persuading a victim to visit the page. User can update the available patches.
Alternatively user can set the kill bit for ADODB.connection Activex control CLSID 00000535-0000-0010-8000-
00AA006D2EA4.
Signature ID: 1538
Microsoft Internet Explorer ADODB.Connection Execute() Memory Corruption
Vulnerability(2)
Threat Level: Severe
Industry ID: CVE-2006-5559 Bugtraq: 20704
Signature Description: Microsoft ActiveX Data Objects (ADO) are objects that expose data raised by an underlying
OLE DB provider. The ADODB.Connection ActiveX control (ADODB.Connection.2.7 and ADODB.Connection.2.8)
are vulnerable to a memory corruption via Execute method. A remote attacker could exploit this vulnerability by
creating a specially-crafted Web page, and persuading a victim to visit the page. User can update the available patches.
This signature detects the Progid(ADODB.Connection).