TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
733
Signature ID: 32601
HTTP MS IE COM ActiveX Object Memory Corruption Blnmgrps-2
Threat Level: Severe
Industry ID: CVE-2007-0219
Bugtraq: 22504
Signature Description: Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the
system, caused by a vulnerability when Internet Explorer attempts to instantiate certain COM objects as ActiveX
Controls (Msb1fren.dll, Htmlmm.ocx, and Blnmgrps.dll).An attacker could exploit this vulnerability by creating a
specially-crafted Web page containing an invalid COM object, and persuading the victim to visit the page. Users are
advised to set a kill bit to the clsid E56CCB42-598C-462D-9AD8-4FD5B4498C5D to resolve this issue.
Signature ID: 32602
HTTP MS IE COM ActiveX Object Memory Corruption Blnmgrps
Threat Level: Severe
Industry ID: CVE-2007-0219 Bugtraq: 22504
Signature Description: Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the
system, caused by a vulnerability when Internet Explorer attempts to instantiate certain COM objects as ActiveX
Controls (Msb1fren.dll, Htmlmm.ocx, and Blnmgrps.dll).An attacker could exploit this vulnerability by creating a
specially-crafted Web page containing an invalid COM object, and persuading the victim to visit the page.
Signature ID: 32603
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Warning
Industry ID: CVE-2006-6027 CVE-2007-1377 Bugtraq: 21813,22856
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader versions 9 and 7.0.8.0
are vulnerable to denial of service via sending long string argument to src method. By persuading a victim to visit a
specially-crafted Web page, a remote attacker could execute arbitrary code on the system with the privileges of the
victim. No remedy is available as of September 2008. User can set the kill bit for CLSID CA8A9780-280D-11CF-
A24D-444553540000.
Signature ID: 32604
HTTP Acer LunchApp.APlunch ActiveX Remote Code Execution
Threat Level: Severe
Industry ID: CVE-2006-6121 Bugtraq: 21207
Signature Description: A vulnerability has been identified in LunchApp.APlunch ActiveX Control, which could be
exploited by remote attackers to take complete control of an affected system.This flaw is due to a design error when
using the insecure "Run()" method, which could be exploited by remote attackers to execute arbitrary binaries on a
vulnerable system by tricking a user into visiting a specially crafted Web page.Affected Platforms are Acer
LunchApp.APlunch ActiveX Control version 1.0.0.0 and prior.
Signature ID: 32605
HTTP Macromedia Shockwave 10 (SwDir.dll) ActiveX Control DoS
Threat Level: Severe
Industry ID: CVE-2007-1403
Signature Description: Macromedia Shockwave Player is vulnerable to a denial of service, caused by multiple stack-
based buffer overflows in the SwDir.dll 10.1.4.20 ActiveX control.By persuading a victim to visit a malicious Web
page that passes an overly long BGCOLOR, SRC, AutoStart, Sound, DrawLogo or DrawProgress property value to the
vulnerable ActiveX control, a remote attacker could cause the victim's browser to crash.