RETIRED: VeriSign ConfigCHK ActiveX Control VerCompare Buffer Overflow Vulnerability

The VeriSign ConfigChk ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application.

Successful attacks can cause denial-of-service conditions in a browser or other applications that use the vulnerable application. Arbitrary code execution may also be possible, but this has not been confirmed.

Version 2.0.0.2 is vulnerable; other versions may also be affected.

RETIRED: This BID is being retired because it's a duplicate of the issue discussed in BID 22671 (VeriSign Configuration Checker ActiveX Control Remote Buffer Overflow Vulnerability).


 

Copyright 2010, SecurityFocus