FKIE_CVE-2007-1083

Vulnerability from fkie_nvd - Published: 2007-02-23 02:28 - Updated: 2025-04-09 00:30
Summary
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
References
cve@mitre.org http://attrition.org/pipermail/vim/2007-February/001384.html
cve@mitre.org http://attrition.org/pipermail/vim/2007-February/001385.html
cve@mitre.org http://jvn.jp/cert/JVNVU%23308087/index.html
cve@mitre.org http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
cve@mitre.org http://osvdb.org/33479
cve@mitre.org http://secunia.com/advisories/24249 (Vendor Advisory)
cve@mitre.org http://www.jpcert.or.jp/at/2007/at070006.txt
cve@mitre.org http://www.kb.cert.org/vuls/id/308087 (US Government Resource)
cve@mitre.org http://www.securityfocus.com/bid/22671
cve@mitre.org http://www.securityfocus.com/bid/22676
cve@mitre.org http://www.securitytracker.com/id?1017692
cve@mitre.org http://www.securitytracker.com/id?1017693
cve@mitre.org http://www.securitytracker.com/id?1017694
cve@mitre.org http://www.vupen.com/english/advisories/2007/0702
cve@mitre.org https://download.verisign.co.jp/support/announce/20070216.html (Vendor Advisory)
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/32639
af854a3a-2127-422b-91ae-364da2661108 http://attrition.org/pipermail/vim/2007-February/001384.html
af854a3a-2127-422b-91ae-364da2661108 http://attrition.org/pipermail/vim/2007-February/001385.html
af854a3a-2127-422b-91ae-364da2661108 http://jvn.jp/cert/JVNVU%23308087/index.html
af854a3a-2127-422b-91ae-364da2661108 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/33479
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24249 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.jpcert.or.jp/at/2007/at070006.txt
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/308087 (US Government Resource)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/22671
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/22676
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1017692
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1017693
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1017694
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/0702
af854a3a-2127-422b-91ae-364da2661108 https://download.verisign.co.jp/support/announce/20070216.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/32639
Impacted products
Vendor Product Version
verisign mpki *
verisign mpki 4.6.1
verisign mpki 5.0
verisign mpki 6.0
verisign mpki 7.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:verisign:mpki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C59422-2D27-46E2-B224-03D839518671",
              "versionEndIncluding": "6.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:verisign:mpki:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B9334BE-2B55-4AEE-B5A3-7FAA3767057F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:verisign:mpki:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AE7972-3BBC-4247-8524-B90D8980269A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:verisign:mpki:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD4AA8E-D8A0-48F2-AE50-AB38E6C96699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:verisign:mpki:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42581C0F-9F47-4BF3-A95E-EC03871889DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en el control ActiveX de Configuration Checker (ConfigChk) en la biblioteca VSCnfChk.dll versi\u00f3n 2.0.0.0.2 para Verisign Managed PKI Service, Secure Messaging para Microsoft Exchange y Go Secure!,  permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de argumentos largos en el m\u00e9todo VerCompare."
    }
  ],
  "id": "CVE-2007-1083",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-02-23T02:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2007-February/001384.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2007-February/001385.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/cert/JVNVU%23308087/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33479"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.jpcert.or.jp/at/2007/at070006.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/308087"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22671"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22676"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017692"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017693"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017694"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0702"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.verisign.co.jp/support/announce/20070216.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2007-February/001384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2007-February/001385.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/cert/JVNVU%23308087/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.jpcert.or.jp/at/2007/at070006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/308087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.verisign.co.jp/support/announce/20070216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32639"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

