TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
for Internet Explorer. This signature specifically detects when an attacker sends a malicious pattern using the ProgID for this
ActiveX control.
Signature ID: 34270
Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4777 Bugtraq: 20047
Signature Description: The DirectAnimation Path Control COM object (daxctle.ocx) for Internet Explorer 6.0 SP1 is
vulnerable to a heap-based buffer overflow via long arguments sent to the KeyFrame method. This vulnerability is
due to insufficient sanitization of user-supplied data. Successful exploitation of this vulnerability allows an attacker to
execute arbitrary commands on the vulnerable system. The vendor has issued the fixes as part of a cumulative update
for Internet Explorer. This signature detects when an attacker tries to exploit the daxctle.ocx ActiveX control by using
the ProgID with Unicode.
Signature ID: 34271
Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4777 Bugtraq: 20047
Signature Description: The DirectAnimation Path Control COM object (daxctle.ocx) for Internet Explorer 6.0 SP1 is
vulnerable to a heap-based buffer overflow via long arguments sent to the KeyFrame method. This vulnerability is
due to insufficient sanitization of user-supplied data. Successful exploitation of this vulnerability allows an attacker to
execute arbitrary commands on the vulnerable system. The vendor has issued the fixes as part of a cumulative update
for Internet Explorer. This signature detects when an attacker tries to exploit the daxctle.ocx ActiveX control by using
the CLSID with Unicode.
Signature ID: 34272
Internet Explorer WebViewFolderIcon setSlice() Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3730 Bugtraq: 19030
Signature Description: Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers
to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a
WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Patches are available. This signature
detects attacks using CLSID and %uHHHH encoding.
Signature ID: 34273
Internet Explorer WebViewFolderIcon setSlice() Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3730 Bugtraq: 19030
Signature Description: Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers
to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a
WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. Patches are available. This signature
detects attacks using CLSID and %HH encoding.
Signature ID: 34274
Internet Explorer WebViewFolderIcon setSlice() Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3730 Bugtraq: 19030
Signature Description: Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers
to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a