ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35539
DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods
Threat Level: Severe
Industry ID: CVE-2008-4749 Bugtraq: 31907
Signature Description: VImpX is an ActiveX control that imports data into various databases. The DB Software Laboratory
'VImpX.ocx' ActiveX control is prone to multiple vulnerabilities that let attackers delete or overwrite arbitrary files on
the affected computer in the context of the application using the ActiveX control. VImpX 4.8.8.0 is vulnerable; other
versions may also be affected. The vulnerability is caused by improper bounds checking in the LogFile,
ClearLogFile and SaveToFile methods of the VImpX.ocx ActiveX control. By persuading a victim to visit a
malicious Web page that contains %u-encoded data, a remote attacker could execute arbitrary code in the context of
the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in
denial-of-service conditions. No remedy was available as of Nov 22, 2008; users can set the kill bit for the CLSID
7600707B-9F47-416D-8AB5-6FD96EA37968 to resolve this issue.
Signature ID: 35540
DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods
Threat Level: Severe
Industry ID: CVE-2008-4749 Bugtraq: 31907
Signature Description: VImpX is an ActiveX control that imports data into various databases. The DB Software Laboratory
'VImpX.ocx' ActiveX control is prone to multiple vulnerabilities that let attackers delete or overwrite arbitrary files on
the affected computer in the context of the application using the ActiveX control. VImpX 4.8.8.0 is vulnerable; other
versions may also be affected. The vulnerability is caused by improper bounds checking in the LogFile,
ClearLogFile and SaveToFile methods of the VImpX.ocx ActiveX control. By persuading a victim to visit a
malicious Web page containing UTF-16 encoded data, a remote attacker could execute arbitrary code in the context of
the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in
denial-of-service conditions. No remedy was available as of Nov 22, 2008; users can set the kill bit for the CLSID
7600707B-9F47-416D-8AB5-6FD96EA37968 to resolve this issue.
Signature ID: 35541
DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods
Threat Level: Warning
Industry ID: CVE-2008-4749 Bugtraq: 31907
Signature Description: VImpX is an ActiveX control that imports data into various databases. The DB Software Laboratory
'VImpX.ocx' ActiveX control is prone to multiple vulnerabilities that let attackers delete or overwrite arbitrary files on
the affected computer in the context of the application using the ActiveX control. VImpX 4.8.8.0 is vulnerable; other
versions may also be affected. The vulnerability is caused by improper bounds checking in the LogFile,
ClearLogFile and SaveToFile methods of the VImpX.ocx ActiveX control. By persuading a victim to visit a
malicious Web page, a remote attacker could execute arbitrary code in the context of the application using the ActiveX control
(typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. No remedy
was available as of Nov 22, 2008; users can set the kill bit for the CLSID 7600707B-9F47-416D-8AB5-6FD96EA37968,
corresponding to the ProgID VImpX.VImpAX, to resolve this issue.
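The kill-bit mitigation named in the descriptions above, as an added example that is not part of the original guide. It assumes Microsoft's documented mechanism (a "Compatibility Flags" DWORD of 0x400 under Internet Explorer's "ActiveX Compatibility" key, in both the native and Wow6432Node registry views); the function names are hypothetical and only the CLSID comes from this page.

```powershell
#Requires -RunAsAdministrator
# Added example: set and verify the Internet Explorer kill bit for VImpX.ocx.
$Clsid   = '{7600707B-9F47-416D-8AB5-6FD96EA37968}'  # CLSID from the signature description
$KillBit = 0x00000400                                 # assumption: documented kill-bit flag value
$Name    = 'Compatibility Flags'

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$Key) {
    # Returns 0 when the key or the value does not exist yet.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.$Name
}

function Set-ActiveXKillBit([string]$ControlClsid) {
    foreach ($root in $Roots) {
        $key = Join-Path $root $ControlClsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # OR the flag in so any other compatibility flags already set survive.
        $before = Get-CompatFlags $key
        $wanted = $before -bor $KillBit
        New-ItemProperty -Path $key -Name $Name -PropertyType DWord `
                         -Value $wanted -Force | Out-Null

        # Read back and report, so a failed write is visible per registry view.
        $after = Get-CompatFlags $key
        [pscustomobject]@{
            Key        = $key
            Before     = '0x{0:X8}' -f $before
            After      = '0x{0:X8}' -f $after
            KillBitSet = (($after -band $KillBit) -eq $KillBit)
        }
    }
}

Set-ActiveXKillBit $Clsid | Format-List
```

A row with `KillBitSet : False` means the write did not take effect in that registry view and Internet Explorer can still instantiate the control there.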
Signature ID: 35542
DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods
Threat Level: Severe
Industry ID: CVE-2008-4749 Bugtraq: 31907
Signature Description: VImpX is an ActiveX control that imports data into various databases. DB Software Laboratory
'VImpX.ocx' ActiveX control is prone to multiple vulnerabilities that let attackers delete or overwrite arbitrary files on
the affected computer in the context of the application using the ActiveX control. VImpX 4.8.8.0 is vulnerable, other