
HTTP Verisign ConfigCHK BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to instantiate the VeriSign ConfigCHK object and to call its 'VerCompare' method.

Additional Information

The VeriSign ConfigChk ActiveX control is used by multiple VeriSign products to utilize 1024-bit cryptography via the Microsoft Enhanced Cryptographic Provider.

The ConfigChk ActiveX control (CLSID: 08F04139-8DFC-11D2-80E9-006008B066EE) is prone to a buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Specifically, the issue occurs when either parameter of the 'VerCompare()' method of the 'VSCnfChk.dll' library is supplied with data larger than 28 bytes.

A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application.

Successful attacks can cause denial-of-service conditions in a web browser or other applications that use the vulnerable application. Arbitrary code execution may also be possible, but this has not been confirmed.

Version 2.0.0.2 is vulnerable; other versions may also be affected.

Affected

  • VeriSign ActiveX ConfigChk ActiveX control 2.0.2

Response

Workaround:
To prevent successful attacks, disable Active Scripting in Internet Explorer or set the kill bit on the ActiveX control with a CLSID of 08F04139-8DFC-11D2-80E9-006008B066EE. For details on setting the kill bit for CLSIDs, consult Microsoft support document 240797.

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.