TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
820
ActiveX control CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0. This signature detects when an attacker try to
exploit the FaceBook's Image Uploader activex control by using CLSID and any one of the ExtractExif or ExtractIptc
method.
Signature ID: 34584
Facebook Photo Uploader 4 ImageUploader4.1.ocx ActiveX Control Buffer Overflow
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27534
Signature Description: FaceBook is the world's largest Social Network.FaceBook's Image Uploader is a image
uploader tool can be used by face book people to upload images in server. FaceBook's Image Uploader activex
control(FaceBook Image Uploader 5.0.57.0) is vulnerable to a buffer overflow via overly long string arguments to
ExtractExif and ExtractIptc methods. A malicious web page that instantiated by control could trigger vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of the current user. Update the faceBook Photo
ImageUploader 5.0.57.1 or later version is available from the Facebook web site. Alternately user can the kill bit for
ActiveX control CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0. This signature detects when an attacker try to
exploit the FaceBook's Image Uploader activex control by using CLSID with Unicode form.
Signature ID: 34585
Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27539
Signature Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a
server.Aurigma image uploader activex control(Image Uploader version 4.5.70.0) is vulnerable to a buffer overflow via
action property. A malicious web page containing hex encoded data, that instantiated by activex control could trigger
vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately user
can the kill bit for ActiveX control CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7.
Signature ID: 34586
Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2008-0660 Bugtraq: 27539
Signature Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a
server.Aurigma image uploader activex control(Image Uploader version 4.5.70.0) is vulnerable to a buffer overflow via
action property. A malicious web page containing %u encoded exploit data, that instantiated by activex control could
trigger vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately
user can the kill bit for ActiveX control CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7.
Signature ID: 34587
Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow
Vulnerability
Threat Level: Warning
Industry ID: CVE-CVE-2008-0660
Bugtraq: 27539
Signature Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a server.
Aurigma image uploader activex control(Image Uploader version 4.5.70.0) is vulnerable to a buffer overflow via action
property. A malicious web page that instantiated by activex control could trigger vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the current user. Alternately user can the kill bit for ActiveX control
CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7.