TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
900
Signature ID: 35218
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221 Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. By filling the single
parameter with a large string, a straight stack overflow occurs. By persuading a victim to visit a malicious Web page,
containing hex encoded malformed data attacker can execute the arbitrary code in the victim system. Users are advised
to set kill bit to the clsid corresponding to the progid IbmEgath.IbmEgathCtl.1 to resolve this issue.
Signature ID: 35219
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221 Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. By filling the single
parameter with a large string, a straight stack overflow occurs. By persuading a victim to visit a malicious Web page,
which contains UTF-16 encoded exploit data attacker can execute the arbitrary code in the victim system. Users are
advised to set kill bit to the clsid 74FFE28D-2378-11D5-990C-006094235084 to resolve this issue.
Signature ID: 35220
IBM eGatherer ActiveX Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4221 Bugtraq: 19554
Signature Description: A stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before
3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer
method. This method accepts one parameter, the specified file name for the eGatherer log output. By filling the single
parameter with a large string, a straight stack overflow occurs. By persuading a victim to visit a malicious Web page,
which contains UTF-16 encoded exploit data attacker can execute the arbitrary code in the victim system. Users are
advised to set kill bit to the clsid corresponding to the progid IbmEgath.IbmEgathCtl.1 to resolve this issue.
Signature ID: 35221
Microsoft XML Core Services XMLDOM/OLE Automation SubstringData Method Integer
Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2223
CVE-2007-2224 Bugtraq: 25282,25301
Signature Description: Microsoft XML Core Services (MSXML) allows customers who use JScript, Visual Basic
Scripting Edition (VBScript), and Microsoft Visual Studio 6.0 to develop XML-based applications that provide
interoperability with other applications that adhere to the XML 1.0 standard. OLE Automation is an industry standard
that applications use to expose their OLE objects to development tools, macro languages, and other containers that
support OLE Automation. It is possible to execute arbitrary code via the parameters to substringData method on a
TextNode or XMLDOM object. substringData method takes two arguments, offset that specifies the offset from which
to start and count that specifies the number of characters to extract. If a large value is supplied for count parameter an
integer overflow occurs causing incorrect memory allocation. By convincing a user to view a specially crafted HTML
document, an attacker may be able to execute arbitrary code with the privileges of the user. Install the updates
mentioned in Microsoft Security Bulletin MS07-042 and MS07-043.