ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 34147
Yahoo Messenger WebCam Upload ActiveX Control Send Method Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3147 Bugtraq: 24354,24341
Signature Description: Yahoo Webcam is a component of Yahoo Messenger that allows users to chat via webcams
over a network. Yahoo Webcam Upload includes an ActiveX control provided by the file ywcupl.dll. This ActiveX
control (ywcupl.dll) contains a stack buffer overflow vulnerability in the Server property. By convincing a user to view
a specially crafted HTML attachment, an attacker may be able to execute arbitrary code with the privileges of the user.
The attacker could also crash the victim's Web browser. Yahoo Messenger 8.0.1 and Yahoo Messenger 8.1.0.29 are
vulnerable. Upgrade to the latest version of Yahoo! Messenger (8.1.0.401 or later), available from the Yahoo!
Messenger Web site. Alternatively, the user can set the kill bit for the CLSID of ProgID YWcUpl.WcUpload to resolve this issue.
Signature ID: 34149
HPMercury Quality Center SPIDERLib ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1819 Bugtraq: 23239
Signature Description: Hewlett-Packard Mercury Quality Center is a web-based interface that allows managers to
automate software quality testing. HP Mercury Interactive Quality Center includes an ActiveX control called Spider
Module. It is provided by the file Spider.ocx or Spider90.ocx. This ActiveX control contains a stack buffer overflow in
the ProgColor property. The target ActiveX control is part of the Mercury Quality Center web application, which runs
on port 8080 by default. An attacker who remotely logs into the web application will have to install the vulnerable control,
and can create specially crafted HTML that, when loaded by the target user, will trigger a stack overflow in the
'Spider90.ocx' ActiveX control used by HP Mercury Quality Center and execute arbitrary code on the target
system. The code will run with the privileges of the target user. A specially crafted 'ProgColor' parameter value can
trigger the overflow. The vulnerability reportedly affects versions 8.2 SP1 and 9.0. Patches are available in the HP Security
Bulletin. This signature detects attack traffic containing the vulnerable CLSID and using %uHHHH encoding.
Signature ID: 34150
HPMercury Quality Center SPIDERLib ActiveX Control Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1819 Bugtraq: 23239
Signature Description: Hewlett-Packard Mercury Quality Center is a web-based interface that allows managers to
automate software quality testing. HP Mercury Interactive Quality Center includes an ActiveX control called Spider
Module. It is provided by the file Spider.ocx or Spider90.ocx. This ActiveX control contains a stack buffer overflow in
the ProgColor property. The target ActiveX control is part of the Mercury Quality Center web application, which runs
on port 8080 by default. An attacker who remotely logs into the web application will have to install the vulnerable control,
and can create specially crafted HTML that, when loaded by the target user, will trigger a stack overflow in the
'Spider90.ocx' ActiveX control used by HP Mercury Quality Center and execute arbitrary code on the target system.
The code will run with the privileges of the target user. A specially crafted 'ProgColor' parameter value can trigger the
overflow. The vulnerability reportedly affects versions 8.2 SP1 and 9.0. Patches are available in the HP Security Bulletin. This
signature detects attack traffic containing the vulnerable CLSID and using %HH encoding.
Signature ID: 34151
HPMercury Quality Center SPIDERLib ActiveX Control (CLSID) Buffer Overflo
Threat Level: Severe
Industry ID: CVE-2007-1819 Bugtraq: 23239
Signature Description: Hewlett-Packard Mercury Quality Center is a web-based interface that allows managers to
automate software quality testing. HP Mercury Interactive Quality Center includes an ActiveX control called Spider