TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

to any type of application. This CD/DVD recording SDK supports all CD/DVD devices and provides a flexible, solid framework for applications regardless of the development environment. Complex issues associated with writing to CD/DVD, such as threading, buffering, and non-standard device commands, are handled by the SDK. NuMedia Soft NMS DVD Burning SDK CDBurnerXP 4.2.1.976 and prior versions are affected by a remote code execution vulnerability. The vulnerability is exposed through the "EnableLog" and "LogMessage" methods of the NMSDVDX.dll ActiveX control. When a user opens a web page containing %u-encoded shellcode data, an attacker can execute arbitrary code on the victim system. Users are advised to upgrade to the latest version of NMS DVD Burning SDK or, alternatively, to set the kill bit for the CLSID C2FBBB5F-6FF7-4F6B-93A3-7EDB509AA938 to resolve this issue.
Signature ID: 35669
Chilkat XML ActiveX Remote Arbitrary File Execution Vulnerability
Threat Level: Warning
Signature Description: Chilkat XML provides a simplified DOM and API that is powerful, flexible and easy to understand. It can reduce your development costs by shortening XML implementation times and reducing the learning curve for programmers unfamiliar with XML. The Chilkat XML parser is available in several packages for different programming environments; the ActiveX XML parser is used for Visual Basic, FoxPro, Delphi, and any programming language supporting ActiveX. Chilkat Software's Chilkat XML ActiveX control 3.0.3.0 is affected by a remote arbitrary file execution vulnerability. The vulnerability is caused by the insecure SaveToFile(), SaveToTempFile() and AppendBinary() methods in the ChilkatUtil.dll ActiveX control. These can be exploited to create arbitrary files or append data to arbitrary files on the system in the context of the currently logged-on user. Successful exploitation allows execution of arbitrary code on the victim system. No patch details are available to resolve this issue; users can set the kill bit for the CLSID 5022FAE8-B780-4B78-B8DC-1AF1145A4F42 to resolve this issue.
Signature ID: 35670
Chilkat XML ActiveX Remote Arbitrary File Execution Vulnerability
Threat Level: Severe
Signature Description: Chilkat XML provides a simplified DOM and API that is powerful, flexible and easy to understand. It can reduce your development costs by shortening XML implementation times and reducing the learning curve for programmers unfamiliar with XML. The Chilkat XML parser is available in several packages for different programming environments; the ActiveX XML parser is used for Visual Basic, FoxPro, Delphi, and any programming language supporting ActiveX. Chilkat Software's Chilkat XML ActiveX control 3.0.3.0 is affected by a remote arbitrary file execution vulnerability. The vulnerability is caused by malformed %u-encoded data sent to the insecure SaveToFile(), SaveToTempFile() and AppendBinary() methods in the ChilkatUtil.dll ActiveX control. These can be exploited to create arbitrary files or append data to arbitrary files on the system in the context of the currently logged-on user. Successful exploitation allows execution of arbitrary code on the victim system. No patch details are available to resolve this issue; users can set the kill bit for the CLSID 5022FAE8-B780-4B78-B8DC-1AF1145A4F42 to resolve this issue.
Signature ID: 35671
Chilkat XML ActiveX Remote Arbitrary File Execution Vulnerability
Threat Level: Warning
Signature Description: Chilkat XML provides a simplified DOM and API that is powerful, flexible and easy to understand. It can reduce your development costs by shortening XML implementation times and reducing the learning curve for programmers unfamiliar with XML. The Chilkat XML parser is available in several packages for different programming environments; the ActiveX XML parser is used for Visual Basic, FoxPro, Delphi, and any programming language supporting ActiveX. Chilkat Software's Chilkat XML ActiveX control 3.0.3.0 is affected by a remote arbitrary file execution vulnerability. The vulnerability is caused by ChilkatUtil.CkData.1 in the ChilkatUtil.dll ActiveX control, which includes the insecure SaveToFile(), SaveToTempFile() and AppendBinary() methods. These can be exploited to create arbitrary files or append data to arbitrary files on the system in the context of the