TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
as of January 2008. Alternatively, the user can set the kill bit for the vulnerable ActiveX control's CLSID 309F674D-E4D3-46BD-B9E2-ED7DFD7FD176.
Signature ID: 34527
Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
Threat Level: Warning
Bugtraq: 27424
Signature Description: Comodo Antivirus is an antivirus solution for Microsoft Windows. Part of its functionality is provided by an ActiveX control. The Comodo Antivirus ActiveX control (Comodo Antivirus versions 2.0) is vulnerable to a buffer overflow that can be exploited via the ExecuteStr method. A malicious web page that contains UTF-16 encoded exploit data and instantiates this ActiveX control could call the vulnerable method to execute arbitrary commands with the privileges of the current user. No remedy is available as of January 2008. Alternatively, the user can set the kill bit for the vulnerable ActiveX control's CLSID 309F674D-E4D3-46BD-B9E2-ED7DFD7FD176.
Signature ID: 34528
Lycos File Upload ActiveX Control Buffer Overflow
Threat Level: Severe
Bugtraq: 27411
Signature Description: The Lycos File Upload ActiveX control is provided by Lycos to ease file uploads to Lycos services. Lycos FileUploader Module FileUploader.dll version 2.0.0.2 contains a flaw in the handling of its "HandwriterFilename" property. Setting this property to an overlong value could trigger a buffer overflow vulnerability. A specially crafted web page that instantiates this control could trigger the buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternatively, the user can set the kill bit for the vulnerable ActiveX control's CLSID C36112BF-2FA3-4694-8603-3B510EA3B465. This signature detects attack traffic using the vulnerable CLSID and %uHHHH encoding.
Signature ID: 34529
Lycos File Upload ActiveX Control Buffer Overflow
Threat Level: Severe
Bugtraq: 27411
Signature Description: The Lycos File Upload ActiveX control is provided by Lycos to ease file uploads to Lycos services. Lycos FileUploader Module FileUploader.dll version 2.0.0.2 contains a flaw in the handling of its "HandwriterFilename" property. Setting this property to an overlong value could trigger a buffer overflow vulnerability. A specially crafted web page that instantiates this control could trigger the buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternatively, the user can set the kill bit for the vulnerable ActiveX control's CLSID C36112BF-2FA3-4694-8603-3B510EA3B465. This signature detects attack traffic using the vulnerable CLSID and %HH encoding.
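Signatures 34528 and 34529 above cover the same CLSID and differ only in the escape style they match (%uHHHH versus %HH). The following is an added example, not the TMS zl module's own signature logic: it assumes a detector that normalizes each escape style before searching a response body for the CLSID, and the function names and sample bodies are constructed for illustration.

```python
import re

# CLSID quoted in the Lycos File Upload entries above.
LYCOS_CLSID = "C36112BF-2FA3-4694-8603-3B510EA3B465"

# One pattern for both escape styles; group 1 = %uHHHH, group 2 = %HH.
_ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")

def decode(text, kinds):
    """Undo only the escape styles named in `kinds`, in a single pass
    (a single pass avoids decoding the output of an earlier decode)."""
    def sub(m):
        kind = "%uHHHH" if m.group(1) is not None else "%HH"
        if kind not in kinds:
            return m.group(0)          # leave the other style untouched
        return chr(int(m.group(1) or m.group(2), 16))
    return _ESC.sub(sub, text)

def classify(body, clsid=LYCOS_CLSID):
    """Return how the CLSID appears in body: 'plain', '%uHHHH', '%HH',
    'mixed' (both styles needed), or None if it is absent."""
    needle = clsid.lower()
    if needle in body.lower():
        return "plain"
    for kind in ("%uHHHH", "%HH"):
        if needle in decode(body, {kind}).lower():
            return kind
    if needle in decode(body, {"%uHHHH", "%HH"}).lower():
        return "mixed"
    return None

def _esc(s, fmt):
    """Build a constructed sample by escaping every character of s."""
    return "".join(fmt % ord(c) for c in s)

# Constructed response bodies (only the classid string, no exploit data).
SAMPLES = {
    "plain": '<object classid="clsid:%s"></object>' % LYCOS_CLSID,
    "u": 'document.write(unescape("%s"))' % _esc(LYCOS_CLSID, "%%u%04X"),
    "h": 'document.write(unescape("%s"))' % _esc(LYCOS_CLSID, "%%%02X"),
    "mixed": _esc(LYCOS_CLSID[:18], "%%u%04X") + _esc(LYCOS_CLSID[18:], "%%%02X"),
    "benign": '<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", classify(body))
```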
Signature ID: 34530
Lycos File Upload ActiveX Control Buffer Overflow
Threat Level: Warning
Bugtraq: 27411
Signature Description: The Lycos File Upload ActiveX control is provided by Lycos to ease file uploads to Lycos services. Lycos FileUploader Module FileUploader.dll version 2.0.0.2 contains a flaw in the handling of its "HandwriterFilename" property. Setting this property to an overlong value could trigger a buffer overflow vulnerability. A specially crafted web page that instantiates this control could trigger the buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternatively, the user can set the kill bit for the