HTTP: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability
This signature detects attempts to exploit a known vulnerability against VeriSign MPKI. An attacker can create a malicious Web page containing dangerous ActiveX calls, which if visited, can allow the attacker to gain control of the victim's system.
Extended Description
VeriSign Managed PKI Configuration Checker ActiveX control is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input prior to copying it to insufficiently sized memory buffers. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that employ the vulnerable controls (typically Microsoft Internet Explorer).
Affected Products
Verisign verisign_configuration_checker_activex_control
References
BugTraq: 22671
CVE: CVE-2007-1083
URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
Short Name
HTTP:STC:CLSID:ACTIVEX:VERI-AX
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX Buffer CVE-2007-1083 ConfigChk Control Overflow VeriSign Vulnerability bid:22671
Release Date
02/28/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Verisign
CVSS Score
9.3