TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
657
Signature ID: 30019
CommuniGate Pro LDAP Server Negative Length BER Field Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-0468
Bugtraq: 16407
Signature Description: CommuniGate Pro is a communication server which includes an LDAP module. The LDAP
server listens on TCP port 389 by default. CommuniGate Pro Server 5.0.7 and prior versions allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths.
Basic Encoding Rules (BER) is the transfer syntax used to unambiguously represent data in protocols such as LDAP
and Simple Network Management Protocol (SNMP). Attackers could construct an LDAP request that contains a
negative or overly large BER length field that could cause a buffer overflow, allowing the attacker to inject and execute
code. Users are advised to upgrade to the newer version.
Signature ID: 30020
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) memory corruption
vulnerability(1)
Threat Level: Severe
Industry ID: CVE-2006-4777 Bugtraq: 20047
Signature Description: This vulnerability is caused due to an input validation error in the DirectAnimation.PathControl
ActiveX control when processing KeyFrame method. The vulnerable function takes three arguments. Successful
exploits may allow attackers to crash the application, denying further service to users. This issue may also be exploited
to execute arbitrary machine-code
Signature ID: 30021
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) memory corruption
vulnerability(2)
Threat Level: Severe
Industry ID: CVE-2006-4446 Bugtraq: 19738
Signature Description: This vulnerability is caused due to an input validation error in the DirectAnimation.PathControl
ActiveX control when processing Spline method. The vulnerable function takes three arguments. Successful exploits
may allow attackers to crash the application, denying further service to users. This issue may also be exploited to
execute arbitrary machine-code
Signature ID: 30022
Microsoft Multimedia Controls ActiveX control (daxctle.ocx) memory corruption
vulnerability(3)
Threat Level: Severe
Industry ID: CVE-2006-4777 Bugtraq: 20047
Signature Description: Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft
DirectX, that provides animation support for web applications and other software. It includes a number of COM
objects. Microsoft Internet Explorer, version 6.0 SP1, is a heap-based buffer overflow vulnerability. This signature
detects when an attacker sending unknown manipulations in arguments to the KeyFrame method of DirectAnimation
ActiveX control. The successful exploitation may allow an attacker to execute arbitrary code on a victim's system. user
can set killbit to the clsid corresponding to the progid DirectAnimation.PathControl to resolve this issue.