Family: Windows --> Category: infos
VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability: Vulnerability Scan
Vulnerability Scan Summary: Checks version of ConfigChk ActiveX control
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.
Description :
The ConfigChk ActiveX control, included with a VeriSign PKI product
on the remote host and marked as safe for scripting, is reportedly
affected by a buffer overflow vulnerability involving its
'VerCompare()' method.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, the attacker may be able to leverage this issue to
execute arbitrary code on the host subject to the user's rights.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0520.html
http://www.kb.cert.org/vuls/id/308087
http://www.verisign.com/support/advisories/page_040740.html
Solution :
Apply the vendor patch and verify that the file version of the
associated 'VSCnfChk.dll' is 2.0.0.3 or later.
Threat Level:
High / CVSS Base Score : 8.0
(AV:R/AC:H/Au:NR/C:C/I:C/A:C/B:N)