PT-2007-6017 · Unknown · Ultra Crypto+1

Shinnai

Published

2007-09-17

Updated

2017-09-29

CVE-2007-4903

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Ultra Crypto Component versions 2.0 and earlier

Description: The issue concerns multiple buffer overflows in a certain ActiveX control in CryptoX.dll. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur via a long string in the first argument to the AcquireContext method or an unspecified vector to the DeleteContext method.

Recommendations: For versions 2.0 and earlier, consider disabling the AcquireContext and DeleteContext methods as a temporary workaround until a patch is available. Restrict access to the CryptoX.dll module to minimize the risk of exploitation. Avoid using long strings in the first argument to the AcquireContext method until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-4903

Affected Products

Cryptox.Dll

Ultra Crypto

PT-2007-6017 · Unknown · Ultra Crypto+1

CVE-2007-4903

Weakness Enumeration

Related Identifiers

Affected Products

References · 6