PT-2007-6017 · Unknown · Ultra Crypto+1
Shinnai
·
Publicado
2007-09-17
·
Atualizado
2017-09-29
·
CVE-2007-4903
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Ultra Crypto Component versions 2.0 and earlier
Description:
The issue concerns multiple buffer overflows in a certain ActiveX control in CryptoX.dll. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur via a long string in the first argument to the
AcquireContext method or an unspecified vector to the DeleteContext method.Recommendations:
For versions 2.0 and earlier, consider disabling the
AcquireContext and DeleteContext methods as a temporary workaround until a patch is available. Restrict access to the CryptoX.dll module to minimize the risk of exploitation. Avoid using long strings in the first argument to the AcquireContext method until the issue is resolved.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cryptox.Dll
Ultra Crypto