• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft ActiveX Certificate Enrollment Control Certificate Destruction Vulnerability

A flaw has been discovered in the ActiveX control Certificate Enrollment Control.

The flaw in Certificate Enrollment Control may allow maliciously designed HTML content to delete certificates on a vulnerable system. This control could delete all stored certificates on the system, including trusted root certificates, Encrypted File System (EFS) certificates, and email signing certificates. The loss of this data could result in a range of problems such as the inability to communicate via a cryptographically secure channel, or the inability to decrypt locally stored data.