TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
731
Signature ID: 32273
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using PROGID and CABDefaultURL method.
Signature ID: 32274
Microsoft Visual Studio 6.0 PDWizard (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary
Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-4891 Bugtraq: 25638
Signature Description: Visual Studio Tools for the Azure Services Framework, The Microsoft Visual Studio PDWizard
ActiveX control PDWizard.ocx) could allow a remote attacker to execute arbitrary code on the system, caused by a
vulnerability related to insecure usage of the StartProcess(), SyncShell(), SaveAs(), CABDefaultURL(),
CABFileName(), CABRunFile() methods. The remote attacker will send a specially-crafted web page or a specially-
crafted HTML file, when the victim visit, then the remote attacker could exploit this vulnerability to execute arbitrary
code on the system with the privileges of the application using the vulnerable ActiveX control. A certain ActiveX
control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes these dangerous methods,
which allows remote attackers to execute arbitrary programs and have other impacts. This signature detects attacks
using CLSID and CABFileName method.
Signature ID: 32569
Adobe Acrobat Reader Plugin-Denial of Service
Threat Level: Severe
Industry ID: CVE-2007-0044 Bugtraq: 21858
Signature Description: A remote user could exploit this vulnerability using the FDF, XML or XFDF parameter in a
specially-crafted URL for a PDF file that, when loaded by a target user, will cause arbitrary scripting code to be
executed by the target user's Firefox browser.The code will originate from the target site hosting the PDF file and will
run in the security context of that site.As a result, the code will be able to access the target user's cookies (including
authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form
to the site, or take actions on the site acting as the target user.The Adobe Reader plugins for Microsoft Internet
Explorer, Mozilla Firefox, and Opera browsers are affected.Adobe Acrobat Standard, Acrobat Professional, Acrobat
Elements, and Adobe Acrobat 3D are also affected when used with certain browsers.The vendor has issued fixed
versions of Adobe Reader (7.0.9, 8.0.0).
Signature ID: 32570
Adobe Acrobat Reader Plugin-UXSS in #FDF field
Threat Level: Severe
Industry ID: CVE-2007-0045
CVE-2007-0044 Bugtraq: 21858
Signature Description: A remote user could exploit this vulnerability using the FDF parameter in a specially-crafted