CVE-2007-1083

Sažetak

Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

Reference

http://attrition.org/pipermail/vim/2007-February/001384.html
http://attrition.org/pipermail/vim/2007-February/001385.html
http://jvn.jp/cert/JVNVU%23308087/index.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
http://osvdb.org/33479
http://secunia.com/advisories/24249
http://www.jpcert.or.jp/at/2007/at070006.txt
http://www.kb.cert.org/vuls/id/308087
http://www.securityfocus.com/bid/22671
http://www.securityfocus.com/bid/22676
http://www.securitytracker.com/id?1017692
http://www.securitytracker.com/id?1017693
http://www.securitytracker.com/id?1017694
http://www.vupen.com/english/advisories/2007/0702
https://download.verisign.co.jp/support/announce/20070216.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/32639

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:30

Objavljeno

23-02-2007 - 02:28