TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

using the COM runtime, developers can create software components that perform a particular function or a set of
functions. Many Microsoft Windows applications, including many from Microsoft itself such as Internet Explorer,
Microsoft Office, Microsoft Visual Studio and Windows Media Player, use ActiveX controls to build their feature set
and to encapsulate their functionality so that it can be embedded in other
applications. Some ActiveX controls are vulnerable to buffer overflow or to memory corruption via insecure
methods. A remote attacker could exploit these vulnerabilities and execute arbitrary code on the system. This rule
detects pages containing JavaScript that uses ActiveX controls, matching on CLSID and the CLSID value in the HTTP response.
Signature ID: 34757
Samba Domain-Logon Exploit
Threat Level: Critical
Industry ID: CVE-2007-6015
Bugtraq: 26791
Signature Description: Samba contains a stack-based buffer overflow vulnerability which can be exploited remotely by
sending a domain logon packet using the MAILSLOT NetBIOS datagram service. This vulnerability exists only when the
"domain logon" option is enabled. A specially crafted GETDC mailslot request can trigger a boundary error in the
domain controller. When exploited, an attacker can execute arbitrary code with elevated privileges. Samba on a wide
range of platforms, including VMware ESX Server, Ubuntu Linux, Sun Solaris, SuSE Linux, RedHat EL and Mandrake
Linux, is vulnerable to this attack.
Signature ID: 34758
HP OpenView Application Exploit
Threat Level: Critical
Industry ID: CVE-2007-3872 Bugtraq: 25255
Signature Description: HP OpenView applications are prone to multiple remote stack-based buffer overflow
vulnerabilities. They fail to perform adequate boundary checks on input that is supplied to opcode handlers of affected
services. Attackers can exploit these issues to execute arbitrary code with superuser privileges.
Signature ID: 34759
McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite vulnerability
Threat Level: Warning
Industry ID: CVE-2005-3657 Bugtraq: 15986
Signature Description: McAfee VirusScan is a commercially available virus scanning product for the Microsoft
Windows platform. Security Center is a component that combines various security protection applications. It ships with
McAfee VirusScan. McAfee VirusScan Security Center (mcinsctl.dll file version 4.0.0.83) is prone to an arbitrary file
overwrite vulnerability via the StartLog and AddLog methods. Successful exploitation can lead to various attacks,
including potential arbitrary code execution and remote unauthorized access. Apply the patches available from the
vendor's web site. This signature detects traffic using the vulnerable CLSID.
Signature ID: 34760
McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3657
Bugtraq: 15986
Signature Description: McAfee VirusScan is a commercially available virus scanning product for the Microsoft
Windows platform. Security Center is a component that combines various security protection applications. It ships with
McAfee VirusScan. McAfee VirusScan Security Center (mcinsctl.dll file version 4.0.0.83) is prone to an arbitrary file
overwrite vulnerability via the StartLog and AddLog methods. Successful exploitation can lead to various attacks,
including potential arbitrary code execution and remote unauthorized access. Apply the patches available from the
vendor's web site. This signature detects attack traffic using the vulnerable CLSID and %uHHHH encoding.