TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
983
Signature ID: 35618
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Severe
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page containing specially formatted encoded data, that
instantiates this control could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges of the current user. Vendor has confirmed this
issue and provided patches to resolve this issue. Alternately user can set killbit to the clsid 14C1B87C-3342-445F-
9B5E-365FF330A3AC to resolve this issue.
Signature ID: 35619
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Warning
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page that instantiates this control could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user. Vendor has confirmed this issue and provided patches to resolve this issue.
Alternately user can set killbit to the clsid corresponding to the progid HPISDataManagerLib.Datamgr to resolve this
issue. This signature checks for use of StartApp, DownloadFile, GetFileTime and DeleteSingleFile methods in the
traffic.
Signature ID: 35620
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Warning
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page that instantiates this control could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user. Vendor has confirmed this issue and provided patches to resolve this issue.
Alternately user can set killbit to the clsid corresponding to the progid HPISDataManagerLib.Datamgr to resolve this
issue. This signature checks for use of MoveFile, AppendstringTofile, RegistryString and ExtractCab methods in the
traffic.
Signature ID: 35621
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Severe
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page containing hex encoded data, that instantiates this control