TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
823
provided by ActiveX controls, mediagrid.dll. Yahoo Jukebox Activex Control(Yahoo! Music Jukebox 2.2) is
vulnerable to a buffer overflow via addbitmap method. A malicious web page containing UTF-16 encoded data, that
instantiated by control could trigger vulnerability, allowing an attacker to execute arbitrary code with the privileges of
the current user. Alternately user can the kill bit for ActiveX control CLSID 22FD7C0A-850C-4A53-9821-
0B0915C96139.
Signature ID: 34597
Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2008-0623
CVE-2008-0624 CVE-2008-0625 Bugtraq: 27579
Signature Description: Yahoo! Jukebox is Yahoo's popular music for microsoft windows.Part of its functionality is
provided by ActiveX controls,datagrid.dll.Yahoo Jukebox Activex Control(Yahoo! Music Jukebox 2.2) is vulnerable to
a buffer overflow via addbutton method.A malicious web page that instantiated by control could trigger vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately user can the kill bit for
ActiveX control CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C. This signature detects attack traffic using
CLSID with %HH encoding.
Signature ID: 34598
Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-CVE-2008-0623 CVE-2008-0624 CVE-2008-0625 Bugtraq: 27579
Signature Description: Yahoo! Jukebox is Yahoo's popular music for Microsoft windows.Part of its functionality is
provided by ActiveX controls,datagrid.dll.Yahoo Jukebox Activex Control (Yahoo! Music Jukebox 2.2) is vulnerable
to a buffer overflow via addbutton method.A malicious web page that instantiated by control could trigger
vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately user
can the kill bit for ActiveX control CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C. This signature detects
attack traffic using CLSID with %uHHHH encoding.
Signature ID: 34599
Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-CVE-2008-0623
CVE-2008-0624 CVE-2008-0625 Bugtraq: 27579
Signature Description: Yahoo! Jukebox is Yahoo's popular music for Microsoft windows.Part of its functionality is
provided by ActiveX controls,datagrid.dll.Yahoo Jukebox Activex Control(Yahoo! Music Jukebox 2.2) is vulnerable to
a buffer overflow via addbutton method.A malicious web page that instantiated by control could trigger vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of the current user. Alternately user can the kill bit for
ActiveX control CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C. This signature detects traffic that is using the
vulnerable CLSID.
Signature ID: 34606
McAfee SecurityCenter Subscription Manager ActiveX Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2006-3961
Bugtraq: 19265
Signature Description: Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center
6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy
Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary
commands via long string parameters, which are later used in vsprintf. By persuading a victim to visit a malicious Web
page, containing UTF-16 encoded data attacker can execute arbitrary code with root privileges. Users are advised to set
killbit for clsid 9BE8D7B2-329C-442A-A4AC-ABA9D7572602 to resolve this issue.