VeriSign Configuration Checker ActiveX Control Remote Buffer Overflow Vulnerability
BID:22671
| Bugtraq ID: | 22671 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1083 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | VeriSign VeriSign Configuration Checker ActiveX control 0 |
| Not Vulnerable: | |
Discussion
VeriSign Managed PKI Configuration Checker ActiveX control is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input prior to copying it to insufficiently sized memory buffers.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that employ the vulnerable controls (typically Microsoft Internet Explorer).
References
- JVNVU#308087 (JVN)
- VeriSign Homepage (VeriSign)
- VeriSign Security Announcement 20070216 (VeriSign)
- Vulnerability Note VU#308087 (US-CERT)
- Managed PKI Client Security Vulnerability Patch (Verisign)