TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
758
Signature Description: Microsoft Speech API is a software package that provides text-to-speech and speech
recognition capabilities. The Microsoft Speech API 4 includes ActiveX controls called ActiveListen and ActiveVoice,
which are provided by Xlisten.dll and XVoice.dll, respectively. These ActiveX controls contain multiple buffer
overflow vulnerabilities. By convincing a user to view a specially crafted HTML document (e.g., a web page or an
HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS07-033. Alternately user
can set the killbit for CLSIDs EEE78591-FE22-11D0-8BEF-0060081841DE and 4E3D9D1F-0C63-11D1-8BFB-
0060081841DE to disable the ActiveX Control.
Signature ID: 32809
Microsoft Internet Explorer Speech API ActiveX Control FindEngine Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2007-2222 Bugtraq: 24426
Signature Description: Microsoft Speech API is a software package that provides text-to-speech and speech
recognition capabilities. The Microsoft Speech API 4 includes ActiveX controls called ActiveListen and ActiveVoice,
which are provided by Xlisten.dll and XVoice.dll, respectively. These ActiveX controls contain multiple buffer
overflow vulnerabilities. By convincing a user to view a specially crafted HTML document containing hex encoded
shellcode data, an attacker may be able to execute arbitrary code with the privileges of the user. Apply the appropriate
patch for your system, as listed in the Microsoft Security Bulletin MS07-033. Alternately user can set the killbit for
CLSIDs EEE78591-FE22-11D0-8BEF-0060081841DE and 4E3D9D1F-0C63-11D1-8BFB-0060081841DE to disable
the ActiveX Control.
Signature ID: 32817
CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5143 Bugtraq: 20365
Signature Description: Computer Associates(CA) Brightstor ARCserve Backup and Business Protection suite family of
software products offer data protection for distributed servers, clients, databases and applications. And they provide
Backup, Restore, Data Migration and Threat Management with centralized control. The ASCORE.dll used by Message
Engine RPC Server. The Message Engine RPC Server is vulnerable to a heap-based buffer overflow and Stack-base
buffer overflow. This signature will trigger when an attacker sending an opnum with overly long string, a remote
attacker could overflow a buffer and execute arbitrary code on the system. Exploit attempts of this vulnerability are
detected using a combination of two signatures. This is the second signature and generates a log message.
Signature ID: 32818
FTP WFTPD Server SITE ADMIN Command
Threat Level: Severe
Industry ID: CVE-2007-0311 Bugtraq: 22046
Signature Description: Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote
attackers to cause a denial of service via a long SITE ADMIN command.WFTPD Server 3.25 and prior versions are
reported vulnerable,other versions may also be affected.
Signature ID: 32969
Exploit 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow
Vulnerability
Threat Level: Warning
Bugtraq: 28010
Signature Description: 4XEM Corporation markets a full line of IP (Internet Protocol) Network Video products.