PT-2006-2194 · Cryptomathic · Cryptomathic Cenroll Activex Control

Publicado

2006-05-09

Atualizado

2018-10-18

CVE-2006-1172

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cryptomathic Cenroll ActiveX Control version 1.1.0.0

Description The issue is related to a stack-based buffer overflow in the createPKCS10 function, which can be exploited by remote attackers to execute arbitrary code. This is achieved through vectors related to the TDC Digital signature.

Recommendations For Cryptomathic Cenroll ActiveX Control version 1.1.0.0, consider disabling the createPKCS10 function as a temporary workaround until a patch is available. Restrict access to the ActiveX Control to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-1172

Produtos afetados

Cryptomathic Cenroll Activex Control

PT-2006-2194 · Cryptomathic · Cryptomathic Cenroll Activex Control

CVE-2006-1172

Identificadores relacionados

Produtos afetados

Referências · 11