TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

731

732

733

734

735

736

737

738

739

740

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

737

Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as

ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. This signature

detects if an attacker try to exploit Htmlmm.ocx.

Signature ID: 32622

HTTP MS IE COM ActiveX Object Memory Corruption (Msb1fren.dll)

Threat Level: Severe

Industry ID: CVE-2007-0219 Bugtraq: 22504

Signature Description: Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating

certain COM objects Internet Explorer 7 on Microsoft Vista is not affected by this issue, Internet Explorer 7 on other

Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.Microsoft Internet

Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as

ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. This signature

detects if an attacker try to exploit Msb1fren.dll.

Signature ID: 32623

HTTP MS IE IMJPCKSI COM Object Memory Corruption (Imjpckdic.dll)

Threat Level: Severe

Industry ID: CVE-2006-4697 Bugtraq: 22486

Signature Description: Component Object Model, or COM objects are used to enable interprocess communication and

dynamic object creation within Microsoft Windows.Microsoft Internet Explorer contains a vulnerability that could be

exploited when it attempts to load specially crafted websites that instantiate specific COM objects contained in

Imjpcksid.dll, and Imjpskdic.dll.According to Microsoft Security Bulletin MS07-016.When Internet Explorer tries to

instantiate certain COM objects as ActiveX controls, the COM objects may corrupt the system state in such a way that

an attacker could execute arbitrary code.

Signature ID: 32624

HTTP Second Sight Active ActiveMod ActiveX Control filename overflow

Threat Level: Severe

Industry ID: CVE-2007-1691 CVE-2007-1690 Bugtraq: 23554

Signature Description: Second Sight Software ActiveMod is a music player that is provided as an ActiveX control.The

control, which is provided by ActiveMod.ocx, contains a stack buffer overflow vulnerability.By convincing a user to

view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the

user.The attacker could also cause the web browser to crash.

Signature ID: 32625

HTTP Second Sight Active ActiveGS ActiveX Control filename overflow

Threat Level: Severe

Industry ID: CVE-2007-1690 Bugtraq: 23554

Signature Description: Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an ActiveX

control.The control, which is provided by ActiveGS.ocx, contains multiple stack buffer overflow vulnerabilities.By

convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with

the privileges of the user.The attacker could also cause the web browser to crash.

Signature ID: 32626

HTTP NCT AudioFile2 ActiveX Control BufferOverflow

Threat Level: Severe

Industry ID: CVE-2007-0018 Bugtraq: 22196,23892

Signature Description: Online Media Technologies NCTsoft provides an ActiveX control called NCTAudioFile2. This