TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
816
language. Microsoft visual foxpro(Microsoft Visual FoxPro version 6.0) is vulnerable to arbitrary command execution
via foxcommand and Docmd methods.Successfully exploiting would allow an attacker to execute arbitrary code with
the privileges of the current user.Alternatively user can set kill bit for Activex control CLSID A7CD2320-6117-11D7-
8096-0050042A4CD2.
Signature ID: 34567
Microsoft Visual FoxPro arbitrary Command Execution
Threat Level: Warning
Industry ID: CVE-2008-0235 Bugtraq: 27205
Signature Description: Microsoft Visual FoxPro is an integrated development environment for the FoxPro database
language.Microsoft visual foxpro(Microsoft Visual FoxPro version 6.0) is vulnerable to arbitrary command execution
via foxcommand and Docmd methods.Successfully exploiting would allow an attacker to execute arbitrary code with
the privileges of the current user.Alternatively user can set kill bit for Activex control CLSID values (A7CD2320-
6117-11D7-8096-0050042A4CD2 and 008B6010-1F3D-11D1-B0C8-00A0C9055D74) corresponding to the progid
value VisualFoxpro.Runtime
Signature ID: 34568
Microsoft Visual FoxPro arbitrary Command Execution
Threat Level: Warning
Industry ID: CVE-2008-0236 Bugtraq: 27199
Signature Description: Microsoft Visual FoxPro is an integrated development environment for the FoxPro database
language. Microsoft visual foxpro(Microsoft Visual FoxPro version 6.0) is vulnerable to arbitrary command execution
via foxcommand and Docmd methods.Successfully exploiting would allow an attacker to execute arbitrary code with
the privileges of the current user.Alternatively user can set kill bit for Activex control CLSID 008B6010-1F3D-11D1-
B0C8-00A0C9055D74.<br>
Signature ID: 34569
Gateway Web Launch ActiveX Control buffer overflow Vulnerabilities
Threat Level: Severe
Bugtraq: 27193
Signature Description: The Gateway Web Launch ActiveX control is used to provide troubleshooting and launch
services to users of Gateway computers. It is installed by default on many Gateway systems.Gateway web launch
activeX (Gateway Web Launch 1.0.0.1) is vulnerable to a buffer overflow via DoWebLaunch method. By persuading a
victim to visit a malicious Web page, containing hex encoded data attacker can execute the code. Successfully
exploiting would allow an attacker to execute arbitrary code with the privileges of the current user. Alternatively user
can set kill bit for Activex control CLSID 93CEA8A4-6059-4E0B-ADDD-73848153DD5E0.
Signature ID: 34570
Gateway Web Launch ActiveX Control buffer overflow Vulnerabilities
Threat Level: Severe
Bugtraq: 27193
Signature Description: The Gateway Web Launch ActiveX control is used to provide troubleshooting and launch
services to users of Gateway computers. It is installed by default on many Gateway systems.Gateway web launch
activeX (Gateway Web Launch 1.0.0.1) is vulnerable to a buffer overflow via DoWebLaunch method. By persuading a
victim to visit a malicious Web page, containing %u encoded shellcode data attacker can execute the code.
Successfully exploiting would allow an attacker to execute arbitrary code with the privileges of the current
user.Alternatively user can set kill bit for Activex control CLSID 93CEA8A4-6059-4E0B-ADDD-73848153DD5E0.