JPCERT-AT-2007-0006
JPCERT/CC
February 19, 2007
<<< JPCERT/CC Alert 2007-02-19 >>>
Vulnerability in VeriSign Managed PKI Service ActiveX control
http://www.jpcert.or.jp/at/2007/at070006.txt
I. Overview
The ActiveX control, used in VeriSign Managed PKI Service to obtain,
update, and renew digital certificates, contains a buffer overflow
vulnerability. Exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code. For more information on this
vulnerability, see the following URL:
Information on Measures for Buffer Overflow Vulnerability in
VeriSign Managed PKI Service
https://download.verisign.co.jp/support/announce/20070216.html
According to the information from VeriSign, it was confirmed that
this vulnerability only affects the ActiveX control used in VeriSign
Managed PKI Service and does not affect the system of digital
certificates and authentication using digital certificates.
II. Systems Affected
Users who obtained, updated, or renewed digital certificates issued
by VeriSign Managed PKI Service through Microsoft Internet Explorer
may be affected by this vulnerability. To check if the vulnerable
ActiveX control is installed, access the above URL and follow the
steps described in "Solution."
III. Solution
If the vulnerable ActiveX control is installed, remove the ActiveX
control by following the steps provided by the vendor.
IV. Reference Information
VeriSign Japan
FAQ (Frequently Asked Questions)
https://download.verisign.co.jp/support/announce/20070216/faq.html
JP Vendor Status Notes JVNVU#308087
Buffer Overflow Vulnerability in VeriSign ActiveX Control
http://jvn.jp/cert/JVNVU%23308087/
If you have any information regarding this matter, please contact
us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top