TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
728
Signature ID: 32264
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using CLSID and Startprocess method.
Signature ID: 32265
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using PROGID and Startprocess method.
Signature ID: 32266
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using CLSID and SyncShell method.