TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
814
Signature ID: 34557
AOL Radio AmpX ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2007-5755 Bugtraq: 26396
Signature Description: AOL Radio is a streaming media service from AOL. Part of its functionality is implemented as
an ActiveX control.AOL Radio activeX control (AmpX ActiveX Control 2.6.1.11) is vulnerable to a buffer overflow
via AppendFileToPlaylist. A specially crafted web page containing %u encoded exploit data that instantiates this
control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the
current user.Alternatively user can set the killbit for the vulnerable ActiveX control's CLSID B49C4597-8721-4789-
9250-315DFBD9F525. Apply the patch for this vulnerability (unagi_patch.exe), available from the AOL Web site.
Signature ID: 34558
AOL Radio AmpX ActiveX Control Buffer Overflow
Threat Level: Warning
Industry ID: CVE-CVE-2007-5755 Bugtraq: 26396
Signature Description: AOL Radio is a streaming media service from AOL. Part of its functionality is implemented as
an ActiveX control.AOL Radio activeX control (AmpX ActiveX Control 2.6.1.11) is vulnerable to a buffer overflow
via AppendFileToPlaylist. A specially crafted web page that instantiates this control could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of the current user.Alternatively user can set the
killbit for the vulnerable ActiveX control's CLSID B49C4597-8721-4789-9250-315DFBD9F525. Apply the patch for
this vulnerability available from the AOL Web site.
Signature ID: 34559
AOL Radio AmpX ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2007-5755 Bugtraq: 26396
Signature Description: AOL Radio is a streaming media service from AOL. Part of its functionality is implemented as
an ActiveX control.AOL Radio activeX control (AmpX ActiveX Control 2.6.1.11) is vulnerable to a buffer overflow
via AppendFileToPlaylist. A specially crafted web page containing UTF-16 encoded data that instantiates this control
could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user.
Alternatively user can set the killbit for the vulnerable ActiveX control's CLSID FA3662C3-B8E8-11D6-A667-
0010B556D978. Apply the patch for this vulnerability (unagi_patch.exe), available from the AOL Web site.
Signature ID: 34560
AOL Radio AmpX ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2007-5755 Bugtraq: 26396
Signature Description: AOL Radio is a streaming media service from AOL. Part of its functionality is implemented as
an ActiveX control.AOL Radio activeX control (AmpX ActiveX Control 2.6.1.11) is vulnerable to a buffer overflow
via AppendFileToPlaylist.A specially crafted web page which contain malformed hex encoded data, that instantiates
this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the
current user.Alternatively user can set the killbit for the vulnerable ActiveX control's CLSID B49C4597-8721-4789-
9250-315DFBD9F525 having progid value WinAmpX.IWinAmpActiveX. Apply the patch for this vulnerability
available from the AOL Web site.