PT-2007-2511 · Verisign+1 · Verisign Managed Pki Service+2

Published: 2007-02-23 · Updated: 2017-07-29 · CVE-2007-1083

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Verisign Managed PKI Service version 2.0.0.2
Secure Messaging for Microsoft Exchange version 2.0.0.2
Go Secure! version 2.0.0.2

Description

The issue is a buffer overflow in the Configuration Checker (ConfigChk) ActiveX control, which is located in the VSCnfChk.dll file, version 2.0.0.2. The overflow can be triggered by providing long arguments to the VerCompare method, allowing remote attackers to execute arbitrary code.

Recommendations

For Verisign Managed PKI Service version 2.0.0.2, consider disabling the VerCompare method in the ConfigChk ActiveX control until a patch is available.
For Secure Messaging for Microsoft Exchange version 2.0.0.2, restrict access to the VSCnfChk.dll file to minimize the risk of exploitation.
For Go Secure! version 2.0.0.2, avoid using the ConfigChk ActiveX control until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-1083

Affected Products

Exchange Server
Secure Messaging For Microsoft Exchange
Verisign Managed Pki Service