TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
723
string to the Install() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with
the privileges of the user or cause the victim's browser to crash. This rule triggers when the ActiveX Control is
accessed using Unicode. As a workaround set the kill-bit for the affected ActiveX control DEF37997-D9C9-4A4B-
BF3C-88F99EACEEC2. Vendor hasn't supplied any patches as of November 2007.
Signature ID: 30462
Altnet Download Manager ADM4 ActiveX Control Access Using Unicode
Threat Level: Severe
Industry ID: CVE-2007-5217 Bugtraq: 25903
Signature Description: The Altnet Download Manager is a software application that speeds up file downloads. The
Altnet Download Manager ActiveX control (adm4.dll) version 4.0.0.6, which is used in the file-sharing applications
Kazaa and Grokster, is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted
Web page that passes an overly long string to the Install() method, a remote attacker could overflow a buffer and
execute arbitrary code on the system with the privileges of the user or cause the victim's browser to crash. This rule
triggers when the ActiveX Control is accessed using Unicode. As a workaround set the kill-bit for the affected ActiveX
control DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2. Vendor hasn't supplied any patches as of November 2007.
Signature ID: 30463
SonicWALL NetExtender NELaunchCtrl ActiveX AddRouteEntry Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5603 Bugtraq: 26288
Signature Description: SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX control.
The NELaunchCtrl ActiveX control 2.5 before 2.5.0.56 (SSL-VPN 2000 and SSL-VPN 4000) and prior to 2.1.0.51
(SonicWALL SSL-VPN 200), which is provided by NELaunchX.dll, contains a stack buffer overflow in the
AddRouteEntry() method. By persuading a victim to visit a specially-crafted Web page that passes an overly long
second argument to the AddRouteEntry() method, a remote attacker could overflow a buffer and execute arbitrary code
on the system with the privileges of the victim or cause the victim's browser to crash. This vulnerability is addressed in
the client software provided by the 2.5 firmware for the SonicWall NetExtender 4000 and 2000 series VPN units and
2.1 firmware for the SonicWall NetExtender 200 series. This signature detects attacks using CLSID and %uHHHH
encoding.
Signature ID: 30464
SonicWALL NetExtender NELaunchCtrl ActiveX AddRouteEntry Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5603
Bugtraq: 26288
Signature Description: SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX control.
The NELaunchCtrl ActiveX control 2.5 before 2.5.0.56 (SSL-VPN 2000 and SSL-VPN 4000) and prior to 2.1.0.51
(SonicWALL SSL-VPN 200), which is provided by NELaunchX.dll, contains a stack buffer overflow in the
AddRouteEntry() method. By persuading a victim to visit a specially-crafted Web page that passes an overly long
second argument to the AddRouteEntry() method, a remote attacker could overflow a buffer and execute arbitrary code
on the system with the privileges of the victim or cause the victim's browser to crash. This vulnerability is addressed in
the client software provided by the 2.5 firmware for the SonicWall NetExtender 4000 and 2000 series VPN units and
2.1 firmware for the SonicWall NetExtender 200 series. This signature detects attacks using CLSID and %HH
encoding.