TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 30415
Oracle JInitiator beans.ocx ActiveX control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4467 Bugtraq: 25473
Signature Description: Oracle JInitiator allows users to run Oracle Developer Server applications within a web
browser. The Oracle JInitiator ActiveX control beans.ocx is vulnerable to multiple stack buffer overflows in
initialization parameters. By persuading a victim to visit a specially crafted Web page that contains UTF-16 encoded
exploit data, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of
the victim. No remedy is available as of August 2007. Users are advised to set the kill bit for the CLSID
7C2C94F0-7991-42B4-8D5F-4CB15B490657 to resolve this issue.
Signature ID: 30416
Yahoo Messenger YVerInfo.dll ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4515 Bugtraq: 25494
Signature Description: Yahoo! Messenger is an instant messaging application that allows users to chat online and share
files. The Yahoo! Messenger ActiveX control (YVerInfo.dll version 2006.8.24.1) is vulnerable to a stack-based buffer
overflow that can be exploited via the fvcom() or info() methods. A remote attacker can create specially crafted HTML
that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system with
the privileges of the user. Yahoo Inc. has addressed this vulnerability in Yahoo Messenger version 8.1.0.419.
Alternatively, users can set the kill bit for the vulnerable ActiveX control's CLSID
D5184A39-CBDF-4A4F-AC1A-7A45A852C883. This signature detects attacks using CLSID and %uHHHH encoding.
Signature ID: 30417
Yahoo Messenger YVerInfo.dll ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4515 Bugtraq: 25494
Signature Description: Yahoo! Messenger is an instant messaging application that allows users to chat online and share
files. The Yahoo! Messenger ActiveX control (YVerInfo.dll version 2006.8.24.1) is vulnerable to a stack-based buffer
overflow that can be exploited via the fvcom() or info() methods. A remote attacker can create specially crafted HTML
that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system with
the privileges of the user. Yahoo Inc. has addressed this vulnerability in Yahoo Messenger version 8.1.0.419.
Alternatively, users can set the kill bit for the vulnerable ActiveX control's CLSID
D5184A39-CBDF-4A4F-AC1A-7A45A852C883. This signature detects attacks using CLSID and %HH encoding.
Signature ID: 30418
Yahoo Messenger YVerInfo.dll ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4515 Bugtraq: 25494
Signature Description: Yahoo! Messenger is an instant messaging application that allows users to chat online and share
files. The Yahoo! Messenger ActiveX control (YVerInfo.dll version 2006.8.24.1) is vulnerable to a stack-based buffer
overflow that can be exploited via the fvcom() or info() methods. A remote attacker can create specially crafted HTML
that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system with
the privileges of the user. Yahoo Inc. has addressed this vulnerability in Yahoo Messenger version 8.1.0.419.
Alternatively, users can set the kill bit for the vulnerable ActiveX control's CLSID
D5184A39-CBDF-4A4F-AC1A-7A45A852C883. This signature detects attacks using PROGID and %uHHHH encoding.