TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
818
services to users of Gateway computers. It is installed by default on many Gateway systems. Gateway web launch
activeX (Gateway Web Launch 1.0.0.1) is vulnerable to a buffer overflow via DoWebLaunch method. Successfully
exploiting would allow an attacker to execute arbitrary code with the privileges of the current user.Alternatively user
can set kill bit for Activex control CLSID corresponding to the progid WebLaunch.WeblaunchCtl.1
Signature ID: 34576
Gateway Web Launch ActiveX Control buffer overflow Vulnerabilities
Threat Level: Severe
Bugtraq: 27193
Signature Description: The Gateway Web Launch ActiveX control is used to provide troubleshooting and launch
services to users of Gateway computers. It is installed by default on many Gateway systems.Gateway web launch
activeX (Gateway Web Launch 1.0.0.1) is vulnerable to a buffer overflow via DoWebLaunch method. By persuading a
victim to visit a malicious Web page, containing UTF-16 encoded data user can execute the code. Successfully
exploiting would allow an attacker to execute arbitrary code with the privileges of the current user. Alternatively user
can set kill bit for Activex control CLSID corresponding to the progid WebLaunch.WeblaunchCtl.1.
Signature ID: 34577
MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27533
Signature Description: MySpace Uploader is image uploader tool,Using myspace uploader. myspace can upload
images in server.Myspace uploader ActiveX control(MySpaceUploader ActiveX control 1.0.0.4 and MySpaceUploader
ActiveX control 1.0.0.5) is vulnerable to a buffer overflow via action property with long string(more then 260
characters) argument. A malicious web page containing hex encoded exploit data, that instantiated by this activex
control could trigger vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user.
Alternately user can the kill bit for ActiveX control CLSID 48DD0448-9209-4F81-9F6D-D83562940134.
Signature ID: 34578
MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27533
Signature Description: MySpace Uploader is image uploader tool,Using myspace uploader. myspace can upload
images in server.Myspace uploader ActiveX control(MySpaceUploader ActiveX control 1.0.0.4 and MySpaceUploader
ActiveX control 1.0.0.5) is vulnerable to a buffer overflow via action property with long string(more then 260
characters) argument. A malicious web page containing %u encoded data, that instantiated by this activex control could
trigger vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately
user can the kill bit for ActiveX control CLSID 48DD0448-9209-4F81-9F6D-D83562940134.
Signature ID: 34579
MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer Overflow
Threat Level: Warning
Industry ID: CVE-CVE-2008-0660
Bugtraq: 27533
Signature Description: MySpace Uploader is image uploader tool,Using myspace uploader myspace can upload images
in server. Myspace uploader ActiveX control(MySpaceUploader ActiveX control 1.0.0.4 and MySpaceUploader
ActiveX control 1.0.0.5) is vulnerable to a buffer overflow via action property with long string(more then 260
characters) argument. A malicious web page that instantiated by control could trigger vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current user. Alternately user can the kill bit for ActiveX
control CLSID 48DD0448-9209-4F81-9F6D-D83562940134.