Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
BID:17939
Info
Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17939 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-2273 |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2006 12:00AM |
| Updated: | May 15 2006 06:24PM |
| Credit: | An anonymous researcher is credited with the discovery of this issue. |
| Vulnerable: |
VeriSign i-Nav |
| Not Vulnerable: | |
Discussion
Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
Verisign i-Nav ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application using the affected ActiveX control.
Verisign i-Nav ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application using the affected ActiveX control.
Exploit / POC
Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
Solution:
Reportedly, the vendor has released updated versions of the affected software to address this issue. Users of affected packages should contact the vendor for further information.
Solution:
Reportedly, the vendor has released updated versions of the affected software to address this issue. Users of affected packages should contact the vendor for further information.
References
Verisign i-Nav ActiveX Control Remote Buffer Overflow Vulnerability
References:
References: