CVE-2007-1083

Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://attrition.org/pipermail/vim/2007-February/001384.html
http://attrition.org/pipermail/vim/2007-February/001385.html
http://jvn.jp/cert/JVNVU%23308087/index.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
http://osvdb.org/33479
http://secunia.com/advisories/24249	Vendor Advisory
http://www.jpcert.or.jp/at/2007/at070006.txt
http://www.kb.cert.org/vuls/id/308087	US Government Resource
http://www.securityfocus.com/bid/22671
http://www.securityfocus.com/bid/22676
http://www.securitytracker.com/id?1017692
http://www.securitytracker.com/id?1017693
http://www.securitytracker.com/id?1017694
http://www.vupen.com/english/advisories/2007/0702
https://download.verisign.co.jp/support/announce/20070216.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32639

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:verisign:mpki::::::::
	cpe:2.3:a:verisign:mpki:4.6.1:::::::*
	cpe:2.3:a:verisign:mpki:5.0:::::::*
	cpe:2.3:a:verisign:mpki:6.0:::::::*
	cpe:2.3:a:verisign:mpki:7.0:::::::*

History

No history.

Information

Published : 2007-02-23 02:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-1083

Mitre link : CVE-2007-1083

CVE.ORG link : CVE-2007-1083

JSON object : View

Products Affected

verisign

mpki

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-1083", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-02-23T02:28:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2007-February/001384.html", "source": "cve@mitre.org"}, {"url": "http://attrition.org/pipermail/vim/2007-February/001385.html", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/cert/JVNVU%23308087/index.html", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33479", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24249", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.jpcert.or.jp/at/2007/at070006.txt", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/308087", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22671", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22676", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017692", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017693", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017694", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0702", "source": "cve@mitre.org"}, {"url": "https://download.verisign.co.jp/support/announce/20070216.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32639", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el control ActiveX de Configuration Checker (ConfigChk) en la biblioteca VSCnfChk.dll versi\u00f3n 2.0.0.0.2 para Verisign Managed PKI Service, Secure Messaging para Microsoft Exchange y Go Secure!, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de argumentos largos en el m\u00e9todo VerCompare."}], "lastModified": "2017-07-29T01:30:37.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:verisign:mpki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C59422-2D27-46E2-B224-03D839518671", "versionEndIncluding": "6.1.3"}, {"criteria": "cpe:2.3:a:verisign:mpki:4.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B9334BE-2B55-4AEE-B5A3-7FAA3767057F"}, {"criteria": "cpe:2.3:a:verisign:mpki:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5AE7972-3BBC-4247-8524-B90D8980269A"}, {"criteria": "cpe:2.3:a:verisign:mpki:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CD4AA8E-D8A0-48F2-AE50-AB38E6C96699"}, {"criteria": "cpe:2.3:a:verisign:mpki:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42581C0F-9F47-4BF3-A95E-EC03871889DF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}