BID:23782

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

Info

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

Bugtraq ID:	23782
Class:	Design Error
CVE:	CVE-2007-0940
Remote:	Yes
Local:	No
Published:	May 08 2007 12:00AM
Updated:	May 08 2007 10:19PM
Credit:	Chris Ries of VigilantMinds Inc. is credited with discover of this issue.
Vulnerable:	Microsoft Platform SDK : Capicom ActiveX Control 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft Capicom ActiveX Control 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Standard Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Standard Edition SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Partner Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Partner Edition SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Enterprise Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Enterprise Edition SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Developer Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2004 Developer Edition SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1

Not Vulnerable:	Microsoft BizTalk Server 2006 Standard Edition 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2006 Partner Edition 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2006 Enterprise Edition 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2006 Developer Edition 0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft Biztalk Server 2002 Partner Edition 0 Microsoft Biztalk Server 2002 Partner Edition 0 Microsoft BizTalk Server 2002 Enterprise Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows XP Professional Microsoft BizTalk Server 2002 Developer Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2002 Developer Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Standard Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Standard Edition SP1a - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Standard Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2000 Enterprise Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Enterprise Edition SP1a - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Enterprise Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 Microsoft BizTalk Server 2000 Developer Edition SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Developer Edition SP1a - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server Microsoft BizTalk Server 2000 Developer Edition - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1

Discussion

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

The Microsoft CAPICOM ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Exploit / POC

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

Solution:
Microsoft has released an advisory and fixes to address this issue. Please see the references for more information.

Microsoft BizTalk Server 2004 Standard Edition SP1

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Partner Edition SP1

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Developer Edition SP1

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Enterprise Edition SP2

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Standard Edition SP2

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft Platform SDK : Capicom ActiveX Control 0

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Partner Edition SP2

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft Capicom ActiveX Control 0

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Developer Edition SP2

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

Microsoft BizTalk Server 2004 Enterprise Edition SP1

Microsoft Security Update for CAPICOM (KB931906)
CAPICOM-KB931906-v2102.exe
http://www.microsoft.com/downloads/details.aspx?familyid=CA930018-4A66 -4DA6-A6C5-206DF13AF316&displaylang=en

References

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

References:

Introducing CAPICOM (Microsoft)
Microsoft Cryptographic API Component Object Model Certificates ActiveX control (US-CERT)
Microsoft Knowledge Base Article 240797 (Microsoft)
Microsoft Windows Homepage (Microsoft)
Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) (Microsoft)