TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
could execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer).
Failed exploit attempts will likely result in denial-of-service conditions. This issue occurs because the application fails
to sanitize user-supplied input to the "TransferFile" method. The vulnerability is reportedly fixed in SecureTransport
Server 4.6.1 Hotfix 20. No remedy was available as of August 12, 2008; users can set the kill bit for CLSID
38681fbd-d4cc-4a59-a527-b3136db711d3 to resolve this issue.
Signature ID: 35005
Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit
Threat Level: Severe
Industry ID: CVE-2008-1724 Bugtraq: 28662
Signature Description: Tumbleweed SecureTransport is the industry's most secure Managed File Transfer solution for
moving financial transactions, critical business files, large documents, XML, and EDI transactions over the Internet and
private IP networks. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
Tumbleweed Communications SecureTransport FileTransfer ActiveX Control (vcst_eu.dll 1.0.0.5) with CLSID of
38681fbd-d4cc-4a59-a527-b3136db711d3. By persuading a victim to visit a malicious Web page containing UTF-16
encoded data, a remote attacker could execute arbitrary code in the context of the application using the ActiveX control
(typically Internet Explorer). This issue occurs because the application fails to sanitize user-supplied input to the
"TransferFile" method. The vulnerability is reportedly fixed in SecureTransport Server 4.6.1 Hotfix 20.
Signature ID: 35006
LEADTOOLS Multimedia 'LTMM15.DLL' ActiveX Control Arbitrary File Overwrite Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-1605 Bugtraq: 28442
Signature Description: LEAD Technologies is the supplier of imaging development SDKs. The LEADTOOLS family
of toolkits is designed to help programmers integrate color, grayscale, document, medical, multimedia, Internet and
vector imaging into their applications quickly. It has been chosen by Microsoft, Hewlett Packard, Intel, Boeing, Xerox,
Kodak, Ford Motor Companies. The LEADTOOLS Multimedia Toolkit 15 (ltmmCaptureCtrl Class, ltmmConvertCtrl
Class, and ltmmPlayCtrl Class) ActiveX controls (ltmm15.dll) could allow a remote attacker to overwrite arbitrary files
on the system. By persuading a victim to visit a malicious Web site, a remote or local attacker could exploit this
vulnerability using the SaveSettingsToFile() method to overwrite and corrupt arbitrary files on the system. No remedy
was available as of March 2008. Alternatively, users can set the kill bit for CLSID
00150B1A-B1BA-11CE-ABC6-F5B2E79D9E3F.
Signature ID: 35007
LEADTOOLS Multimedia 'LTMM15.DLL' ActiveX Control Arbitrary File Overwrite Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1605 Bugtraq: 28442
Signature Description: LEAD Technologies is the supplier of imaging development SDKs. The LEADTOOLS family
of toolkits is designed to help programmers integrate color, grayscale, document, medical, multimedia, Internet and
vector imaging into their applications quickly. It has been chosen by Microsoft, Hewlett Packard, Intel, Boeing, Xerox,
Kodak, Ford Motor Companies. The LEADTOOLS Multimedia Toolkit 15 (ltmmCaptureCtrl Class, ltmmConvertCtrl
Class, and ltmmPlayCtrl Class) ActiveX controls (ltmm15.dll) could allow a remote attacker to overwrite arbitrary files
on the system. By persuading a victim to visit a malicious Web site, a remote or local attacker could exploit this
vulnerability using the SaveSettingsToFile() method to overwrite and corrupt arbitrary files on the system. No remedy
was available as of March 2008. Alternatively, users can set the kill bit for CLSID
00150B1A-B1BA-11CE-ABC6-F5B2E79D9E3F. This signature detects traffic that uses the vulnerable CLSID in an OBJECT HTML tag.
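The OBJECT-tag check that the description of signature 35007 names can be reproduced offline against saved HTTP bodies. The following is an added example, not the TMS zl signature logic or any vendor code; the function and constant names are hypothetical, and decoding UTF-16 bodies before matching is this example's assumption, prompted by the UTF-16 note under signature 35005.

```python
import re
from html.parser import HTMLParser

# CLSIDs quoted in the signature descriptions on this page (lower-cased).
FLAGGED_CLSIDS = {
    "38681fbd-d4cc-4a59-a527-b3136db711d3": "Tumbleweed SecureTransport FileTransfer (vcst_eu.dll)",
    "00150b1a-b1ba-11ce-abc6-f5b2e79d9e3f": "LEADTOOLS Multimedia (ltmm15.dll)",
}
CLASSID_RE = re.compile(r"clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?")

def decode_body(raw: bytes) -> str:
    """Decode a response body; UTF-16 handling is this example's assumption."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    head = raw[:64]
    if head and head[1::2].count(0) > len(head) // 4:  # BOM-less little-endian
        return raw.decode("utf-16-le", errors="replace")
    if head and head[0::2].count(0) > len(head) // 4:  # BOM-less big-endian
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")

class ObjectTagScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; values are normalised here.
        if tag != "object":
            return
        classid = (dict(attrs).get("classid") or "").strip().lower()
        match = CLASSID_RE.fullmatch(classid)
        if match and match.group(1) in FLAGGED_CLSIDS:
            self.hits.append(match.group(1))

def scan_body(raw: bytes) -> list:
    """Return the flagged CLSIDs found in OBJECT tags of one HTTP body."""
    scanner = ObjectTagScanner()
    scanner.feed(decode_body(raw))
    scanner.close()
    return scanner.hits

# Constructed sample bodies (not captured traffic).
SAMPLE_UPPER = b'<OBJECT ID="c" CLASSID="CLSID:00150B1A-B1BA-11CE-ABC6-F5B2E79D9E3F"></OBJECT>'
SAMPLE_UTF16 = '<object classid="clsid:38681fbd-d4cc-4a59-a527-b3136db711d3"></object>'.encode("utf-16")
SAMPLE_OTHER = b'<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>'

if __name__ == "__main__":
    for name, body in [("upper", SAMPLE_UPPER), ("utf16", SAMPLE_UTF16), ("other", SAMPLE_OTHER)]:
        print(name, [(c, FLAGGED_CLSIDS[c]) for c in scan_body(body)])
```

The scanner matches only CLSIDs that appear in the classid attribute of an OBJECT tag, the case the 35007 description names; a CLSID that appears only in page text is ignored.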