TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule triggers when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround, users can apply the Microsoft 'killbit' mechanism to
disable the ActiveX control with CLSID D92D7607-05D9-4dd8-B68B-D458948FB883, but doing so will affect the functionality of
the application. Upgrade to the latest version of the software available from the vendor's website.
Signature ID: 30451
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471 CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping
application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule triggers when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround, users can apply the Microsoft 'killbit' mechanism to
disable the ActiveX control with CLSID 8CE3BAE6-AB66-40b6-9019-41E5282FF1E2, but doing so will affect the functionality of
the application. Upgrade to the latest version of the software available from the vendor's website.
Signature ID: 30452
Intuit QuickBooks Online Edition ActiveX Control CLSID Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-4471 CVE-2007-0322 Bugtraq: 25544
Signature Description: Intuit QuickBooks Online Edition is a version of Intuit's popular QuickBooks bookkeeping
application implemented as an ActiveX control that can be run within Microsoft Internet Explorer. The QuickBooks
Online Edition ActiveX control version 9 and prior contain multiple vulnerabilities that allow execution of arbitrary
code or modification of files. By persuading a victim to visit a specially-crafted Web page, a remote attacker could
exploit these vulnerabilities to overwrite, corrupt, and download arbitrary files on the system or execute arbitrary code.
This rule triggers when one of the affected CLSIDs is accessed using Unicode. These issues are addressed in version 10
of the QuickBooks Online Edition ActiveX control. As a workaround, users can apply the Microsoft 'killbit' mechanism to
disable the ActiveX control with CLSID 40F8967E-34A6-474a-837A-CEC1E7DAC54C, but doing so will affect the functionality of
the application. Upgrade to the latest version of the software available from the vendor's website.
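
An audit check for the killbit workaround named in the entries above, added here as an example and not part of the ProCurve guide: it reads a registry export and reports which of the three CLSIDs actually have the kill bit set. It assumes the standard Internet Explorer kill-bit location (`Compatibility Flags` bit 0x400 under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}`) and an export already decoded to text; the function name and the sample export are constructed for illustration.

```python
import re

# CLSIDs named in the signature descriptions above.
AFFECTED_CLSIDS = [
    "D92D7607-05D9-4dd8-B68B-D458948FB883",
    "8CE3BAE6-AB66-40b6-9019-41E5282FF1E2",
    "40F8967E-34A6-474a-837A-CEC1E7DAC54C",
]
KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating a control
# Assumption: native (non-Wow6432Node) registry view only.
COMPAT_KEY = r"\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" + "\\"

SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')


def killbit_status(reg_text):
    """Map each affected CLSID to True/False: is the kill bit set in this export?"""
    flags = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # Registry key names are case-insensitive, so compare in upper case.
            key = m.group(1).upper()
            idx = key.find(COMPAT_KEY.upper())
            current = key[idx + len(COMPAT_KEY):].strip("{}") if idx != -1 else None
            continue
        m = FLAGS.match(line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    # A missing key or a flags value without bit 0x400 both mean "not blocked".
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in AFFECTED_CLSIDS}


# Constructed sample export: first CLSID killed, second has flags but no kill bit, third absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D92D7607-05D9-4DD8-B68B-D458948FB883}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8ce3bae6-ab66-40b6-9019-41e5282ff1e2}]
"Compatibility Flags"=dword:00000020
"""

if __name__ == "__main__":
    for clsid, killed in killbit_status(SAMPLE_EXPORT).items():
        print(f"{clsid}: {'kill bit set' if killed else 'NOT blocked'}")
```
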
Signature ID: 30453
Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5745 Bugtraq: 20915
Signature Description: Microsoft XML Core Services (MSXML) allows developers who use applications such as
JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio to create XML-based applications.
MSXML includes the XMLHTTP ActiveX control, which allows web pages to transmit or receive XML data via
HTTP operations. The XMLHTTP 4.0 ActiveX control contains an unspecified memory corruption vulnerability. A
remote attacker could exploit this vulnerability to execute arbitrary code on a victim's system, if the attacker could
persuade the victim to visit a Web page containing a malicious XMLHTTP ActiveX control. Microsoft has released
updates in Microsoft Security Bulletin MS06-071 to address this issue. This signature detects attack traffic using
PROGID with %HH encoding.