TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
986
Signature ID: 35629
HP Software Update Hpufunction.dll ActiveX Control Insecure Method Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2390 Bugtraq: 28947
Signature Description: HP Software Update is a proactive tool that automatically updates selective HP software and
drivers. This tool comes pre-installed on certain notebooks, but if it is accidentally removed or lost, HP Software
Update can be re-installed by using this package. Hpufunction.dll version 4.0.0.1 in HP Software Update is vulnerable
to remote code execution. The HP Software Update ActiveX control (Hpufunction.dll) could allow a remote attacker to
execute arbitrary code on the system. By persuading a victim to visit a malicious Web site containing specilally
formated encoded data, that passes specially crafted arguments to the ExecuteAsync or Execute method, a remote
attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or
cause the application to crash. No remedy available as of August 2, 2008, Alternately user can set killbit to the clsid
B00FBC78-73CB-4216-8D01-96770CC020C3 to resolve this issue.
Signature ID: 35630
Zune software arbitrary file overwrite Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-1933
Signature Description: Zune software is Microsoft's product which let's you Manage and view your songs, videos, and
pictures. Rip and burn CDs. Create playlists. Edit track and album information. And Zune software can also
automatically import your existing files, including your music and video from iTunes and Windows Media Player.
Zune software "EncProfile2 Class" ActiveX control is vulnerable to arbitrary file overwrite vulnerability. By
persuading a victim to visit a malicious Web site and authorize the code to run, a remote attacker could exploit this
vulnerability using the SaveToFile() insecure method to create and overwrite arbitrary files on the system. No remedy
available as of August 2, 2008, user can set killbit to the clsid 0B1C3B47-207F-4CEA-8F31-34E4DB2F6EFD to
resolve this issue.
Signature ID: 35631
Zune software arbitrary file overwrite Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1933
Signature Description: Zune software is Microsoft's product which let's you Manage and view your songs, videos, and
pictures. Rip and burn CDs. Create playlists. Edit track and album information. And Zune software can also
automatically import your existing files, including your music and video from iTunes and Windows Media Player.
Zune software "EncProfile2 Class" ActiveX control is vulnerable to arbitrary file overwrite vulnerability. By
persuading a victim to visit a malicious Web site containing %u encoded exploit data and authorize the code to run, a
remote attacker could exploit this vulnerability using the SaveToFile() insecure method to create and overwrite
arbitrary files on the system. No remedy available as of August 2, 2008, user can set killbit to the clsid 0B1C3B47-
207F-4CEA-8F31-34E4DB2F6EFD to resolve this issue.
Signature ID: 35632
Watchfire AppScan ActiveX Control CompactSave method Arbitrary File Overwrite
Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-2015
Bugtraq: 28940
Signature Description: AppScan is an application testing tool that performs security scans on Web applications and
Web Services applications. It can also test server-side functions and vulnerabilities by interacting with the application
in a client capacity. It provides support for applications containing Flash and/or JavaScript, AppScan has the capacity
to parse these components to navigate the application properly. Watchfire, AppScan version 7.0 is vulnerable to file