CVE-2006-1172
CVSS 5.0
Published: 2006-05-09 06:02:00
Last revised: 2011-03-07 21:32:15

[Original] Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.


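[CNNVD] Cryptomathic ActiveX Control Remote Overflow Vulnerability (CNNVD-200605-135)

        Cryptomathic is a Danish vendor of security and encryption solutions.
        A buffer overflow vulnerability exists in an ActiveX object developed by Cryptomathic for key-management operations. An attacker can create a website that invokes the ActiveX component, or an e-mail with an embedded HTML page. If a user is tricked into visiting the site or opening the e-mail, arbitrary instructions can be executed.
        The specific files involved in the vulnerability are:
        Vulnerable file: "C:\Programmer\TDC\CSP\cenroll.dll"
        Member name: "createPKCS10"
        progid: "CENROLLLib.Enroll"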
        

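- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]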

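- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1172
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1172
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-135
(Official data source) CNNVD

- Other Links and Resources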

http://www.osvdb.org/25282
(PATCH)  OSVDB  25282
http://securitytracker.com/id?1016034
(PATCH)  SECTRACK  1016034
http://secunia.com/advisories/19968
(VENDOR_ADVISORY)  SECUNIA  19968
http://www.vupen.com/english/advisories/2006/1675
(UNKNOWN)  VUPEN  ADV-2006-1675
http://www.securityfocus.com/bid/17852
(UNKNOWN)  BID  17852
http://www.securityfocus.com/archive/1/archive/1/433079/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060505 Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)
http://cirt.dk/advisories/cirt-43-advisory.pdf
(VENDOR_ADVISORY)  MISC  http://cirt.dk/advisories/cirt-43-advisory.pdf
http://xforce.iss.net/xforce/xfdb/26255
(UNKNOWN)  XF  cryptomathic-primeink-createpkcs10-bo(26255)

- Vulnerability Information

Cryptomathic ActiveX Control Remote Overflow Vulnerability
Medium risk  Buffer overflow
2006-05-09 00:00:00 2006-05-09 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        https://opdatering.tdc.dk/csp.exe

- Vulnerability Information (F46122)

cirt-43-advisory.pdf (PacketStormID:F46122)
2006-05-06 00:00:00
Dennis Rand  cirt.dk
advisory,code execution,activex
CVE-2006-1172

A vulnerability has been found in an ActiveX object distributed as part of TDC's Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.

- Vulnerability Information

25282
Cryptomathic Cenroll ActiveX Control createPKCS10() Function Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability Description

A remote overflow exists in Cenroll ActiveX Control. Cenroll ActiveX Control fails to perform proper bounds checking in the createPKCS10() method resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-05-05 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

Cryptomathic ActiveX Control Remote Buffer Overflow Vulnerability
Boundary Condition Error 17852
Yes No
2006-05-05 12:00:00 2006-05-05 07:35:00
Dennis Rand is credited with the discovery of this issue.

- Affected Software Versions

TDC Cryptomathic Digital Signature 0

- Vulnerability Discussion

Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

The following proof of concept is available:

- Solution

The vendor has released an advisory, along with fixes to address this issue.

Users of affected packages should visit the referenced 'opdatering.tdc.dk' URI to determine if they are vulnerable and to download a fixed version of the application.

- Related References

 

 
