TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Microsoft Visual Studio 6.0 is vulnerable to a stack-based buffer overflow. The issue is triggered when handling an
overly long argument passed to the Mask parameter of the Msmask32.ocx ActiveX control. By persuading a victim to
visit a specially crafted HTML page containing %u-encoded shellcode, a remote attacker can execute arbitrary code
on the target user's system or cause a denial of service. A patch is available; upgrade
Msmask32.ocx version 6.0.84.18 to resolve this issue.
Signature ID: 35653
HP OpenView Network Node Manager OVAS.exe buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1697
Bugtraq: 28569
Signature Description: HP OpenView Network Node Manager is a fault-management application for IP networks. HP
OpenView Network Node Manager versions 7.51 and 7.53 are vulnerable to a stack-based buffer overflow.
The vulnerability is caused by a boundary error within ovwparser.dll, which can be exploited by sending an overly
long HTTP GET request to ovas.exe on the default TCP port 7510. Successful exploitation allows an attacker to execute
arbitrary code on the victim system, which facilitates compromise of affected computers. The vendor has released updates
to resolve this issue. Please see the references for more information.
Signature ID: 35654
Friendly Technologies fwRemoteCfg.dll ActiveX Control Registry Key Manipulation Vulnerability
Threat Level: Warning
Bugtraq: 30940
Signature Description: Friendly Technologies Ltd works on the development of privacy-friendly RFID or the Internet
of Things. It provides tools to facilitate network connectivity between Internet Service Providers and their customers.
The Friendly Technologies fwRemoteCfg.dll ActiveX control is prone to a registry-key-manipulation vulnerability. The
issue can be exploited through methods of the control such as RegistryValue, GetTextFile, Save or RunApp.
By persuading a victim to visit a malicious Web page, an attacker can gain unauthorized access to the victim's
system and can manipulate files. Successfully exploiting this issue allows remote attackers to edit arbitrary registry
keys of unsuspecting users. No remedy is available as of September 1, 2008; users can set the kill bit for the CLSID
F4A06697-C0E7-4BB6-8C3B-E01016A4408B to resolve this issue.
Signature ID: 35655
Friendly Technologies fwRemoteCfg.dll ActiveX Remote Buffer Overflow Vulnerability
Threat Level: Severe
Signature Description: Friendly Technologies Ltd works on the development of privacy-friendly RFID or the Internet
of Things. It provides tools to facilitate network connectivity between Internet Service Providers and their customers.
The Friendly Technologies fwRemoteCfg.dll ActiveX control is prone to a stack-based buffer overflow. The
issue can be exploited through the CreateURLShortcut method of the fwRemoteCfg.dll ActiveX control. By
persuading a victim to visit a malicious Web page containing %u-encoded data, an attacker can overflow a buffer and
execute arbitrary code. No remedy is available as of September 1, 2008; users can set the kill bit for the CLSID
F4A06697-C0E7-4BB6-8C3B-E01016A4408B to resolve this issue.
Signature ID: 35656
Google Chrome Browser 0.2.149.27 Automatic File Download Exploit
Threat Level: Warning
Signature Description: Google Chrome is a free and open source web browser developed by Google. The name is
derived from the graphical user interface frame, or chrome, of web browsers. A beta version for Microsoft Windows
was released on 2 September 2008. Google Chrome Browser 0.2.149.27 is vulnerable to arbitrary code
execution. When a user visits a malicious web page through Google's Web browser (Chrome), it allows files (e.g.,