TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
226
the Internet Explorer browser, a remote attacker could overflow a buffer and execute arbitrary code on the system with
permissions of the victim user. An attacker could exploit this vulnerability by hosting the file on a web site or sending it
to a victim as an email attachment. user can set killbit to the clsid corresponding to the progid PeerDraw.PeerDraw.1 to
resolve this issue.
Signature ID: 1556
Microsoft Internet Explorer VML Buffer overflow Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2006-4868 CVE-2006-3866 Bugtraq: 20096
Signature Description: Microsoft Internet Explorer is a series of graphical web browser developed by Microsoft.
Microsoft Internet Explorer (Microsoft Internet Explorer 5.01 SP4, 6 SP1) is a stack-based buffer overflow
vulnerability in "VGX.dll" in the processing of Vector Markup Language(VML) text. VML(Vector Markup Language)
is an XML(Extensible Markup Language) language used to produce vector graphics. By creating a malicious HTML
document containing specially-crafted VML document containing an overly long "fill" method inside a "rect" tag with
the Internet Explorer browser, a remote attacker could overflow a buffer and execute arbitrary code on the system with
permissions of the victim user. An attacker could exploit this vulnerability by hosting the file on a web site or sending it
to a victim as an email attachment. user can set killbit to the clsid 10072CEC-8CC1-11D1-986E-00A0C955B42E to
resolve this issue.
Signature ID: 1561
Microsoft HTML Help ActiveX control Input Validation Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2007-0214 Bugtraq: 22478
Signature Description: Hypertext Markup Language(HTML) is a programming language used to create documents for
display on the World Wide Web. The markup tells the Web browser how to display a Web page's words and images for
the user. The HTML Help control (HHCtrl Object) is a Windows ActiveX control that provides the ability to view
HTML help files. The HHCtrl Object is included in the file hhctrl.ocx and provides the ProgID(Intenet.HHCtrl). By
passed malformed arguments to certain methods, a remote attacker could exploit this vulnerability and execute arbitrary
code by tricking a user into visiting a specially-crafted web page. Affected versions are Microsoft Windows 2000 SP3,
XP SP2 and Professional, Microsoft Windows 2003 SP1.
Signature ID: 1562
Microsoft HTML Help ActiveX control Input Validation Vulnerability-2
Threat Level: Warning
Industry ID: CVE-2007-0214
Bugtraq: 22478
Signature Description: Hypertext Markup Language(HTML) is a programming language used to create documents for
display on the World Wide Web. The markup tells the Web browser how to display a Web page's words and images for
the user. The HTML Help control (HHCtrl Object) is a Windows ActiveX control that provides the ability to view
HTML help files. By passing malformed arguments to certain methods, a remote attacker could exploit this
vulnerability and execute arbitrary code. Affected versions are Microsoft Windows 2000 SP3, XP SP2 and
Professional, Microsoft Windows 2003 SP1. User can set kill bit to the clsid 52a2aaae-085d-4187-97ea-8c30db990436
to resolve this issue.
Signature ID: 1696
Microsoft IIS Failure To Log Undocumented TRACK Requests Vulnerability
Threat Level: Warning
Bugtraq: 9313
Signature Description: Microsoft Internet Information Services (IIS) is a set of Internet-based services for servers using
Microsoft Windows. Microsoft Internet Information Server(Microsoft IIS 4.0 and 5.0) fails to properly log HTTP