TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
985
error in the NCTsoft AudFile.dll ActiveX Control when handling the "SetFormatLikeSample()" method. This can be
exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the
affected method. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
Set killbit to the clsid 77829F14-D911-40FF-A2F0-D11DB8D6D0BC to resolve this issue. This signature detects
attacks using encoding techniques requesting the vulnerable ActiveX control.
Signature ID: 35626
HP Software Update Hpufunction.dll ActiveX Control Insecure Method Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-2390
Bugtraq: 28947
Signature Description: HP Software Update is a proactive tool that automatically updates selective HP software and
drivers. This tool comes pre-installed on certain notebooks, but if it is accidentally removed or lost, HP Software
Update can be re-installed by using this package. Hpufunction.dll version 4.0.0.1 in HP Software Update is vulnerable
to remote code execution. The HP Software Update ActiveX control (Hpufunction.dll) could allow a remote attacker to
execute arbitrary code on the system. By persuading a victim to visit a malicious Web site that passes specially crafted
arguments to the ExecuteAsync or Execute method, a remote attacker could exploit this vulnerability to execute
arbitrary code on the system with the privileges of the victim or cause the application to crash. No remedy available as
of August 2, 2008, Alternately user can set killbit to the clsid B00FBC78-73CB-4216-8D01-96770CC020C3 to resolve
this issue.
Signature ID: 35627
HP Software Update Hpufunction.dll ActiveX Control Insecure Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2390 Bugtraq: 28947
Signature Description: HP Software Update is a proactive tool that automatically updates selective HP software and
drivers. This tool comes pre-installed on certain notebooks, but if it is accidentally removed or lost, HP Software
Update can be re-installed by using this package. Hpufunction.dll version 4.0.0.1 in HP Software Update is vulnerable
to remote code execution. The HP Software Update ActiveX control (Hpufunction.dll) could allow a remote attacker to
execute arbitrary code on the system. By persuading a victim to visit a malicious Web site containing hex encoded data
that passes specially crafted arguments to the ExecuteAsync or Execute method, a remote attacker could exploit this
vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
No remedy available as of August 2, 2008, Alternately user can set killbit to the clsid B00FBC78-73CB-4216-8D01-
96770CC020C3 to resolve this issue.
Signature ID: 35628
HP Software Update Hpufunction.dll ActiveX Control Insecure Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2390 Bugtraq: 28947
Signature Description: HP Software Update is a proactive tool that automatically updates selective HP software and
drivers. This tool comes pre-installed on certain notebooks, but if it is accidentally removed or lost, HP Software
Update can be re-installed by using this package. Hpufunction.dll version 4.0.0.1 in HP Software Update is vulnerable
to remote code execution. The HP Software Update ActiveX control (Hpufunction.dll) could allow a remote attacker to
execute arbitrary code on the system. By persuading a victim to visit a malicious Web site containing %u encoded data
that passes specially crafted arguments to the ExecuteAsync or Execute method, a remote attacker could exploit this
vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
No remedy available as of August 2, 2008, Alternately user can set killbit to the clsid B00FBC78-73CB-4216-8D01-
96770CC020C3 to resolve this issue.