ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35661
FlashGet 1.9.0.1012 (FTP Response) SEH STACK Overflow Vulnerability
Threat Level: Severe
Signature Description: FlashGet is a fast download manager that automates the whole download process from start to finish. It uses the MHT (Multi-server Hyper-threading Transportation) technique, supports protocols including HTTP, HTTPS, FTP, BT, MMS, MMST, RTSP and ed2k, and has document management features. FlashGet versions 1.9.0.1012 and prior are vulnerable to a stack-based buffer overflow. By sending an overly long value in FTP response code 257 (PATHNAME created), a malicious FTP server can overflow the buffer and execute arbitrary code on the victim's system. The attack triggers when a user tries to download a file from a malicious FTP server. Upgrade to FlashGet version 1.9.0.1013 or later to resolve this issue.
Signature ID: 35662
Anzio Web Print Object ActiveX Component mainurl Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3480 Bugtraq: 30545
Signature Description: Anzio Web Print Object (WePO) is a Windows ActiveX web page component that, when placed on a web page, can push a print job from a file or web server to a user's local printer without having to display the HTML equivalent to that user. By placing WePO code on a web page, you can provide a method whereby the viewer of that web page can request a local print of a host-resident print job, archived print job or report stream through a server-side script request. Anzio Web Print Object 3.2.24, 3.2.19 and prior versions are vulnerable to a stack-based buffer overflow. A web page that passes an overly long "mainurl" parameter to the WePO ActiveX component overflows the buffer. By tricking a user into visiting a malicious web page containing exploit data, an attacker can overflow the buffer and execute arbitrary code. Users are advised to upgrade to version 3.2.30 to resolve this issue.
Signature ID: 35663
Microsoft Windows Media Encoder 9 wmex.dll ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3008 Bugtraq: 31065
Signature Description: Windows Media Encoder is a freely available media encoder developed by Microsoft that converts or captures both live and prerecorded audio, video, and computer screen images to Windows Media formats for live and on-demand delivery. Its features include high-quality multichannel sound, high-definition video quality, and support for mixed-mode voice and music content. Microsoft Windows Media Encoder 9 and 9 x64 are vulnerable to remote code execution. The vulnerability is caused by a boundary error in the WMEX.DLL ActiveX control. By passing overly long data to the GetDetailsString() method of the WMEX.DLL ActiveX control and getting a user to visit the malicious web page, an attacker can execute arbitrary code in the context of the application using the affected ActiveX control. Failed attacks will likely cause denial-of-service conditions. Patch details are available; alternatively, users can set the kill bit for CLSID A8D3AD02-7508-4004-B2E9-AD33F087F43C to resolve this issue.
Signature ID: 35664
Microsoft Windows Media Encoder 9 wmex.dll ActiveX Control Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3008 Bugtraq: 31065
Signature Description: Windows Media Encoder is a freely available media encoder developed by Microsoft that converts or captures both live and prerecorded audio, video, and computer screen images to Windows Media formats for live and on-demand delivery. Its features include high-quality multichannel sound, high-definition