TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
730
Signature ID: 32270
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using CLSID0DDF3B7F-E692-11D1-AB06-00AA00BDD685) and SaveAs method.
Signature ID: 32271
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using PROGID(PDWizard.Script) and SaveAs method.
Signature ID: 32272
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using CLSID and CABDefaultURL method.