ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 30454
Microsoft XML Core Service XMLHTTP ActiveX Control Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2006-5745
Bugtraq: 20915
Signature Description: Microsoft XML Core Services (MSXML) allow developers who use applications such as
JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio to create XML-based applications.
MSXML includes the XMLHTTP ActiveX control, which allows web pages to transmit or receive XML data via
HTTP operations. The XMLHTTP 4.0 ActiveX control contains an unspecified memory corruption vulnerability. A
remote attacker could exploit this vulnerability to execute arbitrary code on a victim's system, if the attacker could
persuade the victim to visit a Web page containing a malicious XMLHTTP ActiveX control. This rule triggers when
the ActiveX Control is accessed using Unicode. Microsoft has released updates in Microsoft Security Bulletin MS06-071
to address this issue. This signature detects CLSID in UTF encoding.
Signature ID: 30455
Microsoft XML Core Service XMLHTTP ActiveX Control Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2006-5745 Bugtraq: 20915
Signature Description: Microsoft XML Core Services (MSXML) allow developers who use applications such as
JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio to create XML-based applications.
MSXML includes the XMLHTTP ActiveX control, which allows web pages to transmit or receive XML data via
HTTP operations. The XMLHTTP 4.0 ActiveX control contains an unspecified memory corruption vulnerability. A
remote attacker could exploit this vulnerability to execute arbitrary code on a victim's system, if the attacker could
persuade the victim to visit a Web page containing a malicious XMLHTTP ActiveX control. This rule triggers when
the ActiveX Control is accessed using Unicode. Microsoft has released updates in Microsoft Security Bulletin MS06-071
to address this issue. This signature detects PROGID in UTF encoding.
Signature ID: 30456
EIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5699 Bugtraq: 26189
Signature Description: EIQnetworks Enterprise Security Analyzer (ESA) is a Security Information Management (SIM)
solution that enables organizations to proactively detect security breaches, identify corporate violations and eliminate
false positives before incidents occur. eIQnetworks Enterprise Security Analyzer (ESA) version 2.5.0 and prior is
vulnerable to a stack-based buffer overflow in the EnterpriseSecurityAnalyzer.exe service caused by improper bounds
checking of the SEARCHREPORT command. By sending an overly long argument to the SEARCHREPORT
command, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application
to crash. No remedy was available for this vulnerability as of October 2007.
Signature ID: 30457
Altnet Download Manager ADM4 ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5217
Bugtraq: 25903
Signature Description: The Altnet Download Manager is a software application that speeds up file downloads. The
Altnet Download Manager ActiveX control (adm4.dll) version 4.0.0.6, which is used in the file-sharing applications
Kazaa and Grokster, is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted
Web page that passes an overly long string to the Install() method, a remote attacker could overflow a buffer and
execute arbitrary code on the system with the privileges of the user or cause the victim's browser to crash. As a