TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
819
Signature ID: 34580
MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660
Bugtraq: 27533
Signature Description: MySpace Uploader is image uploader tool,Using myspace uploader. myspace can upload
images in server.Myspace uploader ActiveX control(MySpaceUploader ActiveX control 1.0.0.4 and MySpaceUploader
ActiveX control 1.0.0.5) is vulnerable to a buffer overflow via action property with long string(more then 260
characters) argument. A malicious web page containing UTF-16 encoded data, that instantiated by this activex control
could trigger vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user.
Alternately user can the kill bit for ActiveX control CLSID 48DD0448-9209-4F81-9F6D-D83562940134.
Signature ID: 34581
Facebook Photo Uploader 4 ImageUploader4.1.ocx ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2008-0660 Bugtraq: 27534
Signature Description: FaceBook is the world's largest Social Network.FaceBook's Image Uploader is a image
uploader tool can be used by face book people to upload images in server. FaceBook's Image Uploader activex control
(FaceBook Image Uploader 5.0.57.0) is vulnerable to a buffer overflow via overly long string arguments to ExtractExif
and ExtractIptc methods. A malicious web page that instantiated by control could trigger vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current user. Update the faceBook Photo ImageUploader
5.0.57.1 or later version is available from the Facebook web site. Alternately user can the kill bit for ActiveX control
CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0. This signature detects when an attacker try to exploit the
FaceBook's Image Uploader activex control by using CLSID and send characters encoded with the %xx hexadecimal
form.
Signature ID: 34582
Facebook Photo Uploader 4 ImageUploader4.1.ocx ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27534
Signature Description: FaceBook is the world's largest Social Network.FaceBook's Image Uploader is a image
uploader tool can be used by face book people to upload images in server. FaceBook's Image Uploader activex
control(FaceBook Image Uploader 5.0.57.0) is vulnerable to a buffer overflow via overly long string arguments to
ExtractExif and ExtractIptc methods. A malicious web page that instantiated by control could trigger vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of the current user. Update the faceBook Photo
ImageUploader 5.0.57.1 or later version is available from the Facebook web site. Alternately user can the kill bit for
ActiveX control CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0. This signature detects when an attacker try to
exploit the FaceBook's Image Uploader activex control by using CLSID and send characters encoded with the %uxxxx
hexadecimal form.
Signature ID: 34583
Facebook Photo Uploader 4 ImageUploader4.1.ocx ActiveX Control Buffer Overflow
Threat Level: Warning
Industry ID: CVE-CVE-2008-0660
Bugtraq: 27534
Signature Description: FaceBook is the world's largest Social Network.FaceBook's Image Uploader is a image
uploader tool can be used by face book people to upload images in server. FaceBook's Image Uploader activex
control(FaceBook Image Uploader 5.0.57.0) is vulnerable to a buffer overflow via overly long string arguments to
ExtractExif and ExtractIptc methods. A malicious web page that instantiated by control could trigger vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of the current user. Update the faceBook Photo
ImageUploader 5.0.57.1 or later version is available from the Facebook web site. Alternately user can the kill bit for