TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
766
Signature ID: 34082
MS Windows HTML Help HHCtrl ActiveX Control Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3357 Bugtraq: 18769
Signature Description: Microsoft IE is vulnerable to a heap-based buffer overflow in the HTML Help ActiveX control
(HHCtrl.ocx), caused by improper bounds checking of the 'Image' property. Attackers may exploit this issue via a
malicious web page to execute arbitrary code in the context of the currently logged-in user. Exploitation attempts may
lead to a denial-of-service condition as well. Attackers may also employ HTML email to carry out an attack. This
signature detects attacks using CLSID encoded in UTF encoding.
Signature ID: 34083
MS Windows HTML Help HHCtrl ActiveX Control Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3357 Bugtraq: 18769
Signature Description: Microsoft IE is vulnerable to a heap-based buffer overflow in the HTML Help ActiveX control
(HHCtrl.ocx), caused by improper bounds checking of the 'Image' property. Attackers may exploit this issue via a
malicious web page to execute arbitrary code in the context of the currently logged-in user. Exploitation attempts may
lead to a denial-of-service condition as well. Attackers may also employ HTML email to carry out an attack. This
signature detects attacks using PROGID encoded in UTF encoding.
Signature ID: 34084
WinZip FileView ActiveX Control Unsafe filepattern() Method Exposure Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5198 Bugtraq: 21060
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip.Sky software (WinZip prior to 10.0.7245) is vulnerable to buffer overflow via filepattern
property.A remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system, By
persuading a victim to visit a malicious Web page, containing %u encoded data and if the victim is using an affected
version of WinZip. User can set the kill bit for CLSID A09AE68F-B14D-43ED-B713-BA413F034904. Upgrade to the
latest version of WinZip (10.0 Build 7245 or later), available from the WinZip Web site.
Signature ID: 34085
WinZip FileView ActiveX Control Unsafe filepattern() Method Exposure Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5198 Bugtraq: 21060
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip.Sky software (WinZip prior to 10.0.7245) is vulnerable to buffer overflow via filepattern
property.A remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system, By
persuading a victim to visit a malicious Web page, containing hex encoded exploit data and if the victim is using an
affected version of WinZip. User can set the kill bit for CLSID A09AE68F-B14D-43ED-B713-BA413F034904.
Upgrade to the latest version of WinZip (10.0 Build 7245 or later), available from the WinZip Web site.
Signature ID: 34086
WinZip FileView ActiveX Control Unsafe filepattern() Method Exposure Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5198 Bugtraq: 21060
Signature Description: The Sky Software FileView object is an ActiveX control that is provided with several
applications, such as WinZip.Sky software (WinZip prior to 10.0.7245) is vulnerable to buffer overflow via filepattern