[VIM] Verisign ConfigChk ActiveX Overflow(s)
George A. Theall
theall at tenablesecurity.com
Thu Feb 22 22:31:23 EST 2007
Has anyone determined if there are any differences between the buffer
overflow covered by US-CERT's VU#308087 and iDefense's advisory #479.
Both involve the VerCompare() method of the Verisign's Configuration
Checker ActiveX? SecurityFocus has two BIDs: 22671 and 22676 respectively.
There's an acknowledgement from Verisign of what appears to be a single
issue (ie, "VeriSign has discovered *a* buffer overrun security
vulnerability", emphasis mine) here:
http://www.verisign.com/support/advisories/page_040740.html
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list