TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
719
disable the ActiveX Control clsid 2CC3D8DE-18BF-43ff-8CB8-21B442300FD5 but it will affect the functionality of
the application. Upgrade to latest version of the software available from vendor's website.
Signature ID: 30447
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471 CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping
application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule gets hit when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround user can use Microsoft 'killbit' mechanism to
disable the ActiveX Control clsid DBB177CC-6908-4b53-9BEE-F1C697818D65 but it will affect the functionality of
the application. Upgrade to latest version of the software available from vendor's website.
Signature ID: 30448
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471 CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping
application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule gets hit when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround user can use Microsoft 'killbit' mechanism to
disable the ActiveX Control clsid A80D199B-CFDD-4da4-8C47-2310D5B8DD97 but it will affect the functionality of
the application. Upgrade to latest version of the software available from vendor's website.
Signature ID: 30449
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471
CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping
application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule gets hit when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround user can use Microsoft 'killbit' mechanism to
disable the ActiveX Control clsid 0D3983A9-4E29-4f33-8313-DA22B29D3F87. Upgrade to latest version of the
software available from vendor's website.
Signature ID: 30450
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471
CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping