TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
984
could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user. Vendor has confirmed this issue and provided patches to
resolve this issue. Alternately user can set killbit to the clsid corresponding to the progid
HPISDataManagerLib.Datamgr to resolve this issue.
Signature ID: 35622
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Severe
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page containing %u encoded data, that instantiates this control
could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user. Vendor has confirmed this issue and provided patches to
resolve this issue. Alternately user can set killbit to the clsid corresponding to the progid
HPISDataManagerLib.Datamgr to resolve this issue.
Signature ID: 35623
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
Threat Level: Severe
Signature Description: Instant Support Professional Edition (ISPE) will collect and send your computer and printer
information to HP support specialists in HP's worldwide customer support organization. Hewlett-Packard will treat the
collected information as confidential. The HP Instant Support ActiveX control is used by HP to provide support to HP
desktop systems. HP Instant Support 1.0 23 and prior are vulnerable to multiple attacks like buffer overflows and file
overwrite vulnerabilities. By visiting a malicious web page that instantiates this control could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user.
Signature ID: 35624
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Warning
Signature Description: NCTAudioEditor ActiveX DLL is a visual multifunctional audio files editor. It can be used to
build applications, which allow end-users to perform various operations with audio data such as displaying a waveform
image and a spectral view of an audio file, recording, playing, editing, mixing, applying various audio effects and
filters, format conversion and more. It Supports all major audio formats. The vulnerability is caused due to a boundary
error in the NCTsoft AudFile.dll ActiveX Control when handling the "SetFormatLikeSample()" method. This can be
exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the
affected method. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
Set killbit to the clsid 77829F14-D911-40FF-A2F0-D11DB8D6D0BC to resolve this issue. This signature detects use
of the vulnerable ActiveX control.
Signature ID: 35625
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Signature Description: NCTAudioEditor ActiveX DLL is a visual multifunctional audio files editor. It can be used to
build applications, which allow end-users to perform various operations with audio data such as displaying a waveform
image and a spectral view of an audio file, recording, playing, editing, mixing, applying various audio effects and
filters, format conversion and more. It Supports all major audio formats. The vulnerability is caused due to a boundary