[VIM] Verisign ConfigChk ActiveX Overflow(s)

George A. Theall theall at tenablesecurity.com
Thu Feb 22 22:31:23 EST 2007


Has anyone determined if there are any differences between the buffer 
overflow covered by US-CERT's VU#308087 and iDefense's advisory #479? 
Both involve the VerCompare() method of Verisign's Configuration 
Checker ActiveX. SecurityFocus has two BIDs: 22671 and 22676 respectively.

There's an acknowledgement from Verisign of what appears to be a single 
issue (i.e., "VeriSign has discovered *a* buffer overrun security 
vulnerability", emphasis mine) here:

   http://www.verisign.com/support/advisories/page_040740.html

George
-- 
theall at tenablesecurity.com