Intrusion Prevention

VeriSign.ConfigChk.ActiveX.Control.Access

Description

A buffer overflow vulnerability in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

Affected Products

VSCnfChk.dll 2.0.0.2

Impact

Arbitrary code execution.

Recommended Actions

Setting the kill-bit for this control will prevent exploitation of this
vulnerability through Internet Explorer.
Or:
Apply the update from the vendor.

CVE References

CVE-2007-1083