TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
695
programmers. The TypeLibInfoFromFile() function will accept a DLL file as argument and allows retrieval of
information from the DLL. A remote attacker may supply a DLL filename which is malicious via webdav/SMB share
path. The attacker supplied DLL have a malicious DLLGetDocumentation function which gets executed when a request
for the HelpString property is made. Install the vendor supplied patch mentioned in MS07-045 or set the killbit for
CLSID 8B217746-717D-11CE-AB5B-D41203C10000. This signature detects when an attacker try to exploit this
activex control by using CLSID with Unicode form.
Signature ID: 30350
Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2216
Bugtraq: 25289
Signature Description: The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a
remote code-execution vulnerability. The TypeLib Information object library, implemented in TlbInf32.dll is a set of
COM objects designed to make type library browsing functionality easily accessible to both Visual Basic and C++
programmers. The TypeLibInfoFromFile() function will accept a DLL file as argument and allows retrieval of
information from the DLL. A remote attacker may supply a DLL filename which is malicious via webdav/SMB share
path. The attacker supplied DLL have a malicious DLLGetDocumentation function which gets executed when a request
for the HelpString property is made. Install the vendor supplied patch mentioned in MS07-045 or set the killbit for
CLSID 8B217746-717D-11CE-AB5B-D41203C10000. This signature detects when an attacker try to exploit this
activex control by using progid.
Signature ID: 30351
Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2216 Bugtraq: 25289
Signature Description: The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a
remote code-execution vulnerability. The TypeLib Information object library, implemented in TlbInf32.dll is a set of
COM objects designed to make type library browsing functionality easily accessible to both Visual Basic and C++
programmers. The TypeLibInfoFromFile() function will accept a DLL file as argument and allows retrieval of
information from the DLL. A remote attacker may supply a DLL filename which is malicious via webdav/SMB share
path. The attacker supplied DLL have a malicious DLLGetDocumentation function which gets executed when a request
for the HelpString property is made. Install the vendor supplied patch mentioned in MS07-045 or set the killbit for
CLSID 8B217746-717D-11CE-AB5B-D41203C10000. This signature detects when an attacker try to exploit this
activex control by using progid with Unicode form.
Signature ID: 30352
Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2216
Bugtraq: 25289
Signature Description: The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a
remote code-execution vulnerability. The TypeLib Information object library, implemented in TlbInf32.dll is a set of
COM objects designed to make type library browsing functionality easily accessible to both Visual Basic and C++
programmers. The TypeLibInfoFromFile() function will accept a DLL file as argument and allows retrieval of
information from the DLL. A remote attacker may supply a DLL filename which is malicious via webdav/SMB share
path. The attacker supplied DLL have a malicious DLLGetDocumentation function which gets executed when a request
for the HelpString property is made. Install the vendor supplied patch mentioned in MS07-045 or set the killbit for
CLSIDs 8B217746-717D-11CE-AB5B-D41203C10000, 8B217752-717D-11CE-AB5B-D41203C10000 and
8B21775E-717D-11CE-AB5B-D41203C10000.