TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
682
the VNC protocol to control another computer's screen remotely. Ultr@VNC client version 1.0.1 is vulnerable to a
buffer overflow, caused by improper bounds checking of the Log::ReallyPrint() function when logging replies received
from a VNC server. During login process if the client sends invalid credentials server replies with a reason string
indicating the reason for failure. A remote attacker in control of a malicious VNC server may send an overly long string
in an error response and thus overflow a buffer and execute arbitrary code on the vulnerable system. Upgrade to the
latest version of Ultr@VNC (1.0.2 or later), available from the Ultr@VNC Web site. AT&T WinVNC (Virtual
Network Computing) client 3.3.3r7 and earlier are also affected by this kind of vulnerability through a long connection
failed reason string.
Signature ID: 30301
Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX Control Directory Traversal Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4031 CVE-2007-4061 CVE-2007-4062 Bugtraq: 25088
Signature Description: Nessus is a remote vulnerability scanner for several Operating Systems. The Nessus ScanCtrl
ActiveX control (SCANCTRL.ScanCtrlCtrl.1) contains several flaws through its 'deleteReport', 'deleteNessusRC',
'saveNessusRC', and 'addsetConfig' methods. A specially crafted web page that instantiates this control could exploit
these vulnerabilities to overwrite arbitrary files, send arbitrary local files to a remote host, or delete arbitrary files via
directory traversal. Upgrade to the latest version of Nessus (3.0.6.1 or later), available from the Nessus Web site.
Signature ID: 30302
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4034 Bugtraq: 25086
Signature Description: The Yahoo Widget Engine (formerly known as Konfabulator) is a JavaScript runtime engine for
Windows and Mac OS X that lets you run little files called Widgets (Eg., alarm clocks, calculators, weather indicators
etc.,). The Yahoo! Widgets YDPCTL ActiveX control YDPCTL.dll in version prior to 4.0.5 is vulnerable to a stack
based buffer overflow. By convincing a victim to visit a specially-crafted web page containing %u encoded shellcode
data, a remote attacker may execute arbitrary code or crash the application. Upgrade to version 4.0.5 or later to resolve
this issue.
Signature ID: 30303
Computer Associates eTrust Intrusion Detection Caller.dll ActiveX Control Code Execution
Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3302 Bugtraq: 25050
Signature Description: Computer Associates eTrust Intrusion Detection is a network intrusion management and
prevention system, that includes real-time session monitoring and Internet web filtering capabilities. eTrust Intrusion
Detection is vulnerable to remote code execution via Caller.dll ActiveX Control. While installation it registers the
ActiveX Control Caller.dll with clsid 41266C21-18D8-414B-88C0-8DCA6C25CEA0 as safe for scripting but this
ActiveX Control contains some scriptable functions which allow web pages to load arbitrary DLLs and call their
exports. A remote attacker could exploit this vulnerability by convincing a victim to visit a specially-crafted Web page.
Refer to CA SupportConnect document for patch information or possible workarounds. This signature detects attacks
using CLSID.
Signature ID: 30304
BakBone NetVault Report Manager Scheduler Client and Server Heap Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3911
Bugtraq: 25068
Signature Description: BakBone NetVault Report Manager provides file system and backup reporting for single or