TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 30426
ACTi Network Video Recorder nvUtility ActiveX Control SaveXMLFile/DeleteXMLFile Method File Modification Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4583 Bugtraq: 25465
Signature Description: The ACTi NVR system records video, audio and data information. The NVR nvUtility.Utility.1
ActiveX control (nvUtility.dll 1.0.14.0) in ACTi Network Video Recorder (NVR) SP2 2.0 is vulnerable to unauthorized
file access via the SaveXMLFile and DeleteXMLFile methods. By persuading a victim to visit a specially crafted web
page containing UTF-16 encoded data, a remote attacker could exploit this vulnerability to write malicious data and
corrupt arbitrary files or delete files on the system. No remedy is available as of September 2007. Users are advised to
set the killbit for the vulnerable ActiveX control's CLSID A0D43FB0-116B-47AB-80FB-6DCFA92A03E3.

Signature ID: 30427
ACTi Network Video Recorder nvUtility ActiveX Control SaveXMLFile/DeleteXMLFile Method File Modification Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4583 Bugtraq: 25465
Signature Description: The ACTi NVR system records video, audio and data information. The NVR nvUtility.Utility.1
ActiveX control (nvUtility.dll 1.0.14.0) in ACTi Network Video Recorder (NVR) SP2 2.0 is vulnerable to unauthorized
file access via the SaveXMLFile and DeleteXMLFile methods. By persuading a victim to visit a specially crafted web
page, a remote attacker could exploit this vulnerability to write malicious data and corrupt arbitrary files or delete files
on the system. No remedy is available as of September 2007. Users are advised to set the killbit for the vulnerable
ActiveX control's CLSID corresponding to the ProgID nvUtility.Utility.1.

Signature ID: 30428
SIDVault LDAP Server Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4566 Bugtraq: 25460
Signature Description: SIDVault is a commercial LDAP server designed by Alpha Centauri Software Ltd. SIDVault
prior to 2.0f is vulnerable to a stack-based buffer overflow caused by improper bounds checking in the LDAP login
mechanism. By sending a specially crafted LDAP Bind request, a remote attacker could overflow a buffer and execute
arbitrary code on the system with root or SYSTEM level privileges. Upgrade to the latest version of SIDVault (2.0f or
later), which is available from the vendor's website.

Signature ID: 30429
Microsoft Visual FoxPro FPOLE.OCX ActiveX Control FoxDoCmd Method Multiple Vulnerabilities
Threat Level: Severe
Industry ID: CVE-2007-4790, CVE-2007-5322 Bugtraq: 25571, 25977
Signature Description: Microsoft Visual FoxPro is Microsoft's integrated development environment for the FoxPro
programming language. Microsoft Visual FoxPro version 6.0 installs an ActiveX control, FPOLE.OCX, which is
vulnerable to a stack-based buffer overflow via the FoxDoCmd method. A second vulnerability in FPOLE.OCX
allows command execution via arguments to the FoxDoCmd function. By persuading a victim to visit a
specially crafted web page, a remote attacker could exploit these vulnerabilities to inject and execute arbitrary shell
commands on the victim's system. No updates are available as of October 2007. Users can mitigate the impact of this
vulnerability by disabling the control via Microsoft's "kill bit" mechanism for CLSID
EF28418F-FFB2-11D0-861A-00A0C903A97F. This signature detects attacks using the CLSID and method.