TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
776
Signature ID: 34140
Yahoo Messenger WebCam Upload ActiveX Control Send Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3147 Bugtraq: 24354,24341
Signature Description: Yahoo Webcam is a component of Yahoo Messenger that allows users to chat via webcams
over a network. Yahoo Webcam Upload includes an ActiveX control provided by the file ywcupl.dll. This ActiveX
control (ywcupl.dll) contains a stack buffer overflow vulnerability in the Server property.By convincing a user to view
a specially crafted HTML attachment an attacker may be able to execute arbitrary code with the privileges of the user
The attacker could also crash the victim WebBrowser. Yahoo Messenger 8.0.1 and Yahoo Messenger 8.1.0.29 are
vulnerable. Upgrade to the latest version of Yahoo! Messenger (8.1.0.401 or later), available from the Yahoo!
Messenger Web site. Alternate solution is user can set kill bit for DCE2F8B1-A520-11D4-8FD0-00D0B7730277.
Signature ID: 34143
NeoTrace Express ActiveX TraceTarget Method Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6707 Bugtraq: :21697
Signature Description: McAfee NeoTrace Pro delivers a powerful tool for checking information on internet locations.It
shows how packets get from your computer to another computer on the Internet by displaying all nodes between your
computer and the trace target. NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) by passing large string to the
TraceTarget() method.The remote attacker can exploit this vulnerability via a malicious web page with invalid method
parameters to execute arbitrary code in currently logged-in user context and overflow the buffer through
NeoTraceLoader ActiveX control method. NeoTrace Express 3.25 and NeoTrace Professional 3.25 are vulnerable. set
killbit to clsid mentioned in Microsoft security bulletin to resolve this issue.
Signature ID: 34144
NeoTrace Express ActiveX TraceTarget Method Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6707 Bugtraq: :21697
Signature Description: McAfee NeoTrace Pro delivers a powerful tool for checking information on internet locations.
It shows how packets get from your computer to another computer on the Internet by displaying all nodes between your
computer and the trace target. NeoTrace Express 3.25 and NeoTrace Professional 3.25 are vulnerable to stack based
buffer overflow vulnerability. By passing large string to the TraceTarget() method, the remote attacker can exploit this
vulnerability via a malicious web page to execute arbitrary code in currently logged-in user context and overflow the
buffer through NeoTraceLoader ActiveX control method.
Signature ID: 34146
Yahoo Messenger WebCam Upload ActiveX Control Send Method Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3147
Bugtraq: 24354,24341
Signature Description: Yahoo Webcam is a component of Yahoo Messenger that allows users to chat via webcams
over a network. Yahoo Webcam Upload includes an ActiveX control provided by the file ywcupl.dll. This ActiveX
control (ywcupl.dll) contains a stack buffer overflow vulnerability in the Server property.By convincing a user to view
a specially crafted HTML attachment an attacker may be able to execute arbitrary code with the privileges of the user
The attacker could also crash the victim Web browser. Yahoo Messenger 8.0.1 and Yahoo Messenger 8.1.0.29 are
vulnerable. Upgrade to the latest version of Yahoo! Messenger (8.1.0.401 or later), available from the Yahoo!
Messenger Web site. Alternate solution is user can set kill bit for DCE2F8B1-A520-11D4-8FD0-00D0B7730277 to
resolve this issue.