发布时间 :2006-05-09 06:02:00
修订时间 :2011-03-07 21:32:15

[原文]Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.

[CNNVD]Cryptomathic ActiveX控件 远程溢出漏洞(CNNVD-200605-135)

        成员名: "createPKCS10"
        progid: "CENROLLLib.Enroll"

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  OSVDB  25282
(PATCH)  SECTRACK  1016034
(UNKNOWN)  VUPEN  ADV-2006-1675
(UNKNOWN)  BID  17852
(VENDOR_ADVISORY)  BUGTRAQ  20060505 Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)
(UNKNOWN)  XF  cryptomathic-primeink-createpkcs10-bo(26255)

- 漏洞信息

Cryptomathic ActiveX控件 远程溢出漏洞
中危 缓冲区溢出
2006-05-09 00:00:00 2006-05-09 00:00:00
        成员名: "createPKCS10"
        progid: "CENROLLLib.Enroll"

- 公告与补丁


- 漏洞信息 (F46122)

cirt-43-advisory.pdf (PacketStormID:F46122)
2006-05-06 00:00:00
Dennis Rand
advisory,code execution,activex

A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.

- 漏洞信息

Cryptomathic Cenroll ActiveX Control createPKCS10() Function Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity

- 漏洞描述

A remote overflow exists in Cenroll ActiveX Control. Cenroll ActiveX Control fails to perform proper bounds checking in the createPKCS10() method resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2006-05-05 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Cryptomathic ActiveX Control Remote Buffer Overflow Vulnerability
Boundary Condition Error 17852
Yes No
2006-05-05 12:00:00 2006-05-05 07:35:00
Dennis Rand is credited with the discovery of this issue.

- 受影响的程序版本

TDC Cryptomathic Digital Signature 0

- 漏洞讨论

Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

The following proof of concept is available:

- 解决方案

The vendor has released an advisory, along with fixes to address this issue.

Users of affected packages should visit the referenced '' URI to determine if they are vulnerable and to download a fixed version of the application.

- 相关参考