RETIRED: VeriSign ConfigCHK ActiveX Control VerCompare Buffer Overflow Vulnerability
BID:22676
Info
| Bugtraq ID: | 22676 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2007 12:00AM |
| Updated: | Feb 23 2007 07:46PM |
| Credit: | David D. Rude II (iDefense) is credited with the discovery of this vulnerability. |
| Vulnerable: | VeriSign ActiveX ConfigChk ActiveX control 2.0 .2 |
| Not Vulnerable: | |
Discussion
The VeriSign ConfigChk ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application.
Successful attacks can cause denial-of-service conditions in a browser or other applications that use the vulnerable application. Arbitrary code execution may also be possible, but this has not been confirmed.
Version 2.0.0.2 is vulnerable; other versions may also be affected.
RETIRED: This BID is being retired because it's a duplicate of the issue discussed in BID 22671 (VeriSign Configuration Checker ActiveX Control Remote Buffer Overflow Vulnerability).
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Verisign Web Site (Verisign)
- VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability (iDefense Labs)