TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 32707
Microsoft Windows Media Player MIDI File Format DoS
Threat Level: Severe
Industry ID: CVE-2006-6602 Bugtraq: 21612
Signature Description: A vulnerability has been identified in Microsoft Windows Media Player that attackers could
exploit to cause a denial of service. The issue is a division-by-zero error that occurs when handling a specially
crafted MIDI file whose header chunk contains malformed fields; such a file can crash the vulnerable application.
Signature ID: 32708
HTTP Windows Shell User Logon ActiveX Vulnerability S
Threat Level: Severe
Signature Description: This signature detects an attempt to create an unauthorised user account on a remote system by
exploiting a vulnerability in the Windows Shell User Logon ActiveX control. The control is prone to a vulnerability
that allows attackers to create user accounts on victim computers. Exploiting this issue can aid in further attacks
and may result in the compromise of affected computers. Version 6.0.2900.2180 is vulnerable; other versions may also
be affected.
Signature ID: 32709
WinZip FileView ActiveX Control Unsafe Method Exposure
Threat Level: Severe
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip. This ActiveX control contains several unsafe methods, but is marked "safe for scripting"
and "safe for initialization". For example, some of the methods of this ActiveX control allow an attacker to open, copy,
delete, or execute arbitrary files on the target computer. Some vulnerabilities in WinZip have been reported, which can
be exploited by remote users to compromise a user's system. Several unspecified insecure methods exist in the
FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61). These can be exploited to execute arbitrary code when a
user, for example, visits a malicious website. A boundary error in the FileView ActiveX control within the handling of
the "filepattern" property can be exploited to cause a buffer overflow. WinZip 10.0 versions prior to Build 7245 are
vulnerable. The vulnerabilities have been fixed in version 10.0 Build 7245.
Signature ID: 32710
HTTP Zenturi ProgramChecker ActiveX Fill Method OverFlow
Threat Level: Severe
Signature Description: Zenturi ProgramChecker is a suite of utilities for analyzing programs running on a Windows
computer. This signature detects attempts to exploit a buffer overflow vulnerability in Zenturi ProgramChecker. The
application is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data
before copying it into an insufficiently sized buffer. This issue occurs when excessive data is passed to the 'Fill'
method of the 'sasatl.dll' library. This issue resides in the ActiveX control with CLSID
7D6B5B29-FC7E-11D1-9288-00104B885781. Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the ActiveX control. Failed exploit attempts likely result in
denial-of-service conditions. ProgramChecker 1.5.0.531 is vulnerable; other versions may also be affected.
Signature ID: 32711
FTP acFTP 1.5 PBSZ Denial of Service
Threat Level: Severe
Signature Description: AcFTP is an open-source replacement for Microsoft FTP server and other proprietary FTP
servers for Windows. Unlike MS FTP, acFTP supports an extended FTP command set, including APPE and REST for