TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 34547
Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download1
Threat Level: Severe
Bugtraq: 27279
Signature Description: Macrovision FLEXnet Connect gives software distributors and vendors the ability to
automatically deliver software and notify users of updates. Part of its functionality is provided by an ActiveX
control. The Macrovision FLEXnet Connect ActiveX control (FLEXnet Connect 6.1.100.61372) is vulnerable to a buffer
overflow via the DownloadAndExecute method. A specially crafted web page that contains hex-encoded shellcode data
and instantiates this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the
privileges of the current user. Alternatively, the user can set the killbit for the vulnerable ActiveX control's CLSID
1DF951B1-8D40-4894-A04C-66AD824A0EEF.
Signature ID: 34548
Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download1
Threat Level: Warning
Bugtraq: 27279
Signature Description: Macrovision FLEXnet Connect gives software distributors and vendors the ability to
automatically deliver software and notify users of updates. Part of its functionality is provided by an ActiveX
control. The Macrovision FLEXnet Connect ActiveX control (FLEXnet Connect 6.1.100.61372) is vulnerable to a buffer
overflow via the DownloadAndExecute method. A specially crafted web page that instantiates this control could trigger this
buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternatively, the user
can set the killbit for the vulnerable ActiveX control's CLSID 1DF951B1-8D40-4894-A04C-66AD824A0EEF.
Signature ID: 34549
Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download1
Threat Level: Severe
Bugtraq: 27279
Signature Description: Macrovision FLEXnet Connect gives software distributors and vendors the ability to
automatically deliver software and notify users of updates. Part of its functionality is provided by an ActiveX
control. The Macrovision FLEXnet Connect ActiveX control (FLEXnet Connect 6.1.100.61372) is vulnerable to a buffer
overflow via the DownloadAndExecute method. A specially crafted web page that contains UTF-16 encoded exploit data
and instantiates this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the
privileges of the current user. Alternatively, the user can set the killbit for the vulnerable ActiveX control's CLSID
1DF951B1-8D40-4894-A04C-66AD824A0EEF.
Signature ID: 34550
Crystal Reports 'EnterpriseControls.dll' ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0379 Bugtraq: 27333
Signature Description: Crystal Reports is a popular third-party package included with Visual Basic that
allows you to create reports for your application. Part of its functionality is provided by an ActiveX control. The Crystal Reports
ActiveX control (EnterpriseControls.dll 11.5.0.313) is vulnerable to a buffer overflow caused by improper bounds
checking in the SelectedSession() method. By persuading a victim to visit a malicious web page containing %u
encoded data that passes an overly long string to the SelectedSession() method, a remote attacker could overflow a
buffer and execute arbitrary code on the system with the privileges of the victim, or cause the victim's browser to crash.
No remedy available as of January 2008. Alternatively, the user can set the killbit for the vulnerable ActiveX control's CLSID
3D58C9F3-7CA5-4C44-9D62-C5B63E059050.