TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

victim to visit a specially-crafted web page that passes overly long arguments to the SetBgColor(), SetHREF(),
SetMovieName(), SetTarget(), or SetMatrix() function, a remote attacker could overflow a buffer and execute arbitrary
code on the system with the privileges of the victim or cause the victim's browser to crash. No remedy is available as of
February 2008. Alternatively, the user can disable this ActiveX control by setting the kill bit for CLSID
02BF25D5-8C17-4B23-BC80-D3488ABDDC6B. The signature detects attacks using the attack patterns CLSID and %HH encoding.
Signature ID: 34163
Yahoo MSNR ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3147
Bugtraq: 24354
Signature Description: Yahoo Webcam is a component of Yahoo Messenger that allows users to chat via webcams
over a network. Yahoo Webcam Upload includes an ActiveX control provided by the file ywcupl.dll. This ActiveX
control (ywcupl.dll) contains a stack buffer overflow vulnerability in the Server property. By convincing a user to view
a specially crafted HTML attachment, an attacker may be able to execute arbitrary code with the privileges of the user.
The attacker could also crash the victim's web browser. Yahoo Messenger 8.0.1 and Yahoo Messenger 8.1.0.29 are
vulnerable. Upgrade to the latest version of Yahoo Messenger (8.1.0.401 or later), available from the Yahoo Messenger
Web site. Alternatively, the user can set the kill bit for CLSID DCE2F8B1-A520-11D4-8FD0-00D0B7730277.
Signature ID: 34164
Yahoo Messenger WebCam Upload ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3147
Bugtraq: 24354
Signature Description: Yahoo Webcam is a component of Yahoo Messenger that allows users to chat via webcams
over a network. Yahoo Webcam Upload includes an ActiveX control provided by the file ywcupl.dll. This ActiveX
control (ywcupl.dll) contains a stack buffer overflow vulnerability in the Server property. By convincing a user to view
a specially crafted HTML attachment, an attacker may be able to execute arbitrary code with the privileges of the user.
The attacker could also crash the victim's web browser. Yahoo Messenger 8.0.1 and Yahoo Messenger 8.1.0.29 are
vulnerable. Update to the latest version available from the vendor's web site. Alternatively, the user can set the kill bit for CLSID
DCE2F8B1-A520-11D4-8FD0-00D0B7730277.
Signature ID: 34168
Trend Micro ServerProtect SpntSvc.EXE Remote Stack Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2508, CVE-2007-1070
Bugtraq: 23868, 22639
Signature Description: Trend Micro ServerProtect is an anti-virus application that is designed to run on Windows-
based servers. The ServerProtect architecture includes a management console, information server, and the server which
has ServerProtect installed. The Information Server is the middleware that is placed between the Management Console
and the servers it manages. Trend Micro ServerProtect 5.58 is vulnerable. The ServerProtect executable file
(SpntSvc.exe) runs on TCP port 5168. An attacker could exploit a stack-based buffer overflow via a specially crafted
RPC request to this port. Apply patch2 build 1176 for this vulnerability, available from the Trend Micro Support
Services Web page. Exploit attempts against this vulnerability are detected using a combination of two signatures. This is
the second signature, and it generates a log message.
Signature ID: 34170
Trend Micro ServerProtect EarthAgent.exe buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2508
Bugtraq: 23866
Signature Description: Trend Micro ServerProtect is an anti-virus application that is designed to run on Windows-
based servers. The ServerProtect architecture includes a management console, information server, and the server which
has ServerProtect installed. The Information Server is the middleware that is placed between the Management Console