Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Windows --> Category: infos

VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability Scan


Vulnerability Scan Summary
Checks version of ConfigChk ActiveX control

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The ConfigChk ActiveX control, included with a VeriSign PKI product
on the remote host and marked as safe for scripting, is reportedly
affected by a buffer overflow vulnerability involving its
'VerCompare()' method.

If an attacker can trick a user on the affected host into visiting a
specially-crafted web page, the attacker may be able to leverage this issue to
execute arbitrary code on the host subject to the user's rights.

See also :

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0520.html
http://www.kb.cert.org/vuls/id/308087
http://www.verisign.com/support/advisories/page_040740.html

Solution :

Apply the vendor patch and verify that the file version of the
associated 'VSCnfChk.dll' is 2.0.0.3 or later.

Threat Level:

High / CVSS Base Score : 8.0
(AV:R/AC:H/Au:NR/C:C/I:C/A:C/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
