TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
222
Signature ID: 1539
Microsoft Internet Explorer ADODB.Connection Execute() Memory Corruption
Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2006-5559 Bugtraq: 20704
Signature Description: Microsoft ActiveX Data Objects (ADO) are objects that expose data raised by an underlying
OLE DB provider. The ADODB.Connection ActiveX control (ADODB.Connection.2.7 and ADODB.Connection.2.8)
are vulnerable to a memory corruption via Execute method. A remote attacker could exploit this vulnerability by
creating a specially-crafted Web page, and persuading a victim to visit the page. User can update the available patches.
Alternatively user can set the kill bit for ADODB.connection ActiveX control CLSID 00000535-0000-0010-8000-
00AA006D2EA4.
Signature ID: 1540
QuickTime Media Link(qtl) arbitrary Script inclusion vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4965 CVE-2007-5045 Bugtraq: 20138
Signature Description: The vulnerability is caused by a quite useful feature called QuickTime Media Link (.qtl).
QuickTime Media Link files are used to play media files in a more accessible way. A malicious user can create a .qtl
file which can contain JavaScript code that can takeover some important network device when executed. QuickTime
doesn't mind if Media Link (.qtl) files end with .mp3, .mp4, .m4a or even .mov extension. Vulnerable Platforms are
openSUSE 10.2, openSUSE 10.3, SUSE Linux 10, SUSE Linux 10.1, SUSE Linux Enterprise Server 10, SuSE Linux
Enterprise Server 8, SUSE Linux Enterprise Server 9, SuSE Linux Openexchange Server 4.x, UnitedLinux 1.0 and
Mozilla Firefox.
Signature ID: 1541
RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2006-6847 Bugtraq: 21802
Signature Description: RealPlayer is a media player. RealPlayer ActiveX control allows users to stream various media
files through their web browser. Realplayer activex control(RealPlayer 10.5) is vulnerable to a buffer overflow caused
by improper bounds checking by OpenURLInPlayerBrowser() method. A remote attacker could overflow a buffer and
execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash. User can
set the killbit for CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to disable this ActiveX. No update is
available as of 2008.
Signature ID: 1542
RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability(2)
Threat Level: Warning
Industry ID: CVE-2006-6847 Bugtraq: 21802
Signature Description: RealPlayer is a media player. RealPlayer ActiveX control allows users to stream various media
files through their web browser. Realplayer activex control(RealPlayer 10.5) is vulnerable to a buffer overflow caused
by improper bounds checking by OpenURLInPlayerBrowser() method. A remote attacker could overflow a buffer and
execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash. No update
is available as of 2008. This Signature detects the progid(IERPCtl.IERPCtl).