TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
907
memory corruption vulnerability. By sending an specially crafted image that, when loaded by the target user, will
invoke the 'dxtmsft.dll' ActiveX control and trigger a memory corruption error to execute arbitrary code on the target
system. The code will run with the privileges of the target user. Vendor has provided patches to resolve this issue.
Update the latest version available from vendors web site. Alternatively user can set the kill bit for CLSID 1E54333B-
2A00-11d1-8198-0000F87557DB. This signature detects attacks using CLSID encoded in UTF encoding.
Signature ID: 35251
Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0078
Bugtraq: 27689
Signature Description: Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE),
commonly abbreviated to IE, is a series of graphical web browsers developed by Microsoft and included as part of the
Microsoft Windows line of operating systems starting in 1995. MSIE versions 5.01, 6, 6 SP1, 7 are vulnerable to this
memory corruption vulnerability. By sending an specially crafted image that, when loaded by the target user, will
invoke the 'dxtmsft.dll' ActiveX control and trigger a memory corruption error to execute arbitrary code on the target
system. The code will run with the privileges of the target user. Vendor has provided patches to resolve this issue.
Update the latest version available from vendors web site. Alternatively user can set the kill bit for CLSID
corresponding to the prog id DXTransform.Microsoft.DXLUTBuilder.1 to resolve this issue.
Signature ID: 35252
Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0078 Bugtraq: 27689
Signature Description: Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE),
commonly abbreviated to IE, is a series of graphical web browsers developed by Microsoft and included as part of the
Microsoft Windows line of operating systems starting in 1995. MSIE versions 5.01, 6, 6 SP1, 7 are vulnerable to this
memory corruption vulnerability. By sending an specially crafted image that, when loaded by the target user, will
invoke the 'dxtmsft.dll' ActiveX control and trigger a memory corruption error to execute arbitrary code on the target
system. The code will run with the privileges of the target user. Vendor has provided patches to resolve this issue.
Update the latest version available from vendors web site. Alternatively user can set the kill bit for CLSID 1E54333B-
2A00-11d1-8198-0000F87557DB. This signature detects attacks using PROGID and %HH encoding.
Signature ID: 35253
Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0078 Bugtraq: 27689
Signature Description: Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE),
commonly abbreviated to IE, is a series of graphical web browsers developed by Microsoft and included as part of the
Microsoft Windows line of operating systems starting in 1995. MSIE versions 5.01, 6, 6 SP1, 7 are vulnerable to this
memory corruption vulnerability. By sending an specially crafted image that, when loaded by the target user, will
invoke the 'dxtmsft.dll' ActiveX control and trigger a memory corruption error to execute arbitrary code on the target
system. The code will run with the privileges of the target user. Vendor has provided patches to resolve this issue.
Update the latest version available from vendors web site. Alternatively user can set the kill bit for CLSID 1E54333B-
2A00-11d1-8198-0000F87557DB. This signature detects attacks using PROGID and %uHHHH encoding.
Signature ID: 35254
Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0078
Bugtraq: 27689
Signature Description: Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE),