TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
comes with a user interface for total customization. The Switch control contains several templates such as ON/OFF,
Toggle, Dial, Rocker and more. The Vessel ActiveX control comes with a user interface for total customization.
ICONICS Vessel/Gauge/Switch ActiveX Control 8.2.140 0 and DlgWrapper.dll 8.0.138 0 are vulnerable to a stack-based
buffer overflow. The vulnerability is caused by boundary errors in the Dialog Wrapper Module
ActiveX control (DlgWrapper.dll) when handling the "DoModal()" method. By passing an overly long string as either
the File Name or Filter argument, an attacker can overflow the buffer. Successful exploitation allows execution of arbitrary
code when a user visits a malicious website. The vendor has provided patches; update to DlgWrapper.dll 8.4.166.0 to
resolve this issue.
Signature ID: 35676
Iconics Dialog Wrapper Module ActiveX DoModal() Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6488 Bugtraq: 21849
Signature Description: The ICONICS Gauge/Switch/Vessel ActiveX control is designed to work inside any ActiveX
container such as Microsoft Office (Word and Excel), Visual Basic Forms and more. The Gauge ActiveX control
comes with a user interface for total customization. The Switch control contains several templates such as ON/OFF,
Toggle, Dial, Rocker and more. The Vessel ActiveX control comes with a user interface for total customization.
ICONICS Vessel/Gauge/Switch ActiveX Control 8.2.140 and DlgWrapper.dll 8.0.138 are vulnerable to a stack-based
buffer overflow. The vulnerability is caused by boundary errors in the Dialog Wrapper Module
ActiveX control (DlgWrapper.dll) when handling the "DoModal()" method. By passing an overly long string as either
the File Name or Filter argument, an attacker can overflow the buffer. Successful exploitation allows execution of arbitrary
code when a user visits a malicious website containing %u-encoded shellcode data. The vendor has provided patches;
update to DlgWrapper.dll 8.4.166.0 to resolve this issue.
Signature ID: 35677
Google Chrome Window Object Suppressing Remote Denial of Service
Threat Level: Warning
Signature Description: Google Chrome is a free and open source web browser developed by Google. The name is
derived from the graphical user interface frame, or chrome, of web browsers. A beta version for Microsoft Windows
was released on 2 September 2008. Google Chrome versions 0.2.149.30, 0.2.149.29 and 2.149.27 are vulnerable to a
denial of service attack. Google Chrome fails to sanitize a check when the window.close() function is called in body
upload. The function is called in a suppressed manner and kills the parent window directly by default. No fix details are
available as of 30 September, 2008.
Signature ID: 35678
Chilkat IMAP ActiveX 7.9 Remote Denial Of Service Attack
Threat Level: Warning
Signature Description: Chilkat IMAP ActiveX is an IMAP client component that can help you read and manage folders
or emails on an IMAP server. It supports S/MIME signed and encrypted email, multithreaded applications and also
SSL IMAP. It has a full set of mailbox management features for adding, deleting, and renaming mailboxes. Chilkat
IMAP ActiveX 7.9 is vulnerable to a denial of service attack. The vulnerability is caused by the
LoadXmlEmail() function in ChilkatMail_v7_9.dll, which allows an attacker to execute a file, leading to a denial of
service in IE. Administrators are advised to update to the latest ActiveX control; alternatively, users can set the kill bit for
CLSID 126FB030-1E9E-4517-A254-430616582C50 to resolve this issue.
Signature ID: 35679
Chilkat IMAP ActiveX 7.9 Remote Denial Of Service Attack
Threat Level: Severe
Signature Description: Chilkat IMAP ActiveX is an IMAP client component that can help you read and manage folders
or emails on an IMAP server. It supports S/MIME signed and encrypted email, multithreaded applications and also