Lucene search

[email protected]CVE-2007-1083

HistoryFeb 23, 2007 - 2:28 a.m.

CVE-2007-1083

2007-02-2302:28:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-1083

buffer overflow

configuration checker

configchk

activex

vscnfchk.dll

verisign managed pki service

secure messaging for microsoft exchange

go secure!

remote code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.51 Medium

EPSS

Percentile

97.6%

JSON

Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

Affected configurations

NVD

Node

verisignmpkiRange≤6.1.3

verisignmpkiMatch4.6.1

verisignmpkiMatch5.0

verisignmpkiMatch6.0

verisignmpkiMatch7.0

CPENameOperatorVersion
verisign:mpkiverisign mpkile6.1.3
verisign:mpkiverisign mpkieq4.6.1
verisign:mpkiverisign mpkieq5.0
verisign:mpkiverisign mpkieq6.0
verisign:mpkiverisign mpkieq7.0

CPE	Name	Operator	Version
verisign:mpki	verisign mpki	le	6.1.3
verisign:mpki	verisign mpki	eq	4.6.1
verisign:mpki	verisign mpki	eq	5.0
verisign:mpki	verisign mpki	eq	6.0
verisign:mpki	verisign mpki	eq	7.0

References

attrition.org/pipermail/vim/2007-February/001384.html

attrition.org/pipermail/vim/2007-February/001385.html

jvn.jp/cert/JVNVU%23308087/index.html

labs.idefense.com/intelligence/vulnerabilities/display.php?id=479

osvdb.org/33479

secunia.com/advisories/24249

www.jpcert.or.jp/at/2007/at070006.txt

www.kb.cert.org/vuls/id/308087

www.securityfocus.com/bid/22671

www.securityfocus.com/bid/22676

www.securitytracker.com/id?1017692

www.securitytracker.com/id?1017693

www.securitytracker.com/id?1017694

www.vupen.com/english/advisories/2007/0702

download.verisign.co.jp/support/announce/20070216.html

exchange.xforce.ibmcloud.com/vulnerabilities/32639

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.51 Medium

EPSS

Percentile

97.6%

JSON

Related for CVE-2007-1083

cert1 prion1 cvelist1 nessus1 securityvulns1 nvd1