VID |
28186 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The Windows host has a VeriSign ConfigChk ActiveX control that is vulnerable to a buffer overflow. The VeriSign Configuration Checker (ConfigChk) ActiveX control is provided by web-based digital certificate enrollment sites and also by the VeriSign Managed PKI OnSiteMSI package. This control is vulnerable to a stack-based buffer overflow in the VerCompare() method, which could allow an overwrite of the process Structured Exception Handler (SEH). By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote attacker could execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash. |
Recommendation |
Apply an update for this vulnerability (VSCnfChk.dll version 2.0.0.3 or later) or disable the affected ActiveX control, as listed in US-CERT Vulnerability Note VU#308087 at http://www.kb.cert.org/vuls/id/308087 |
Related URL |
CVE-2007-1083 (CVE) |
Related URL |
22671 (SecurityFocus) |
Related URL |
32639 (ISS) |
|