CVE-2006-1172

Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cirt.dk/advisories/cirt-43-advisory.pdf	Vendor Advisory
http://www.kb.cert.org/vuls/id/548689	US Government Resource
http://www.securityfocus.com/bid/17852	Exploit
http://www.osvdb.org/25282	Patch
http://securitytracker.com/id?1016034	Patch
http://secunia.com/advisories/19968	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/1675
https://exchange.xforce.ibmcloud.com/vulnerabilities/26255
http://www.securityfocus.com/archive/1/433079/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:tdc:cryptomathic_cenroll_activex_control:1.1.0.0:*:*:*:*:*:*:*

Information

Published : 2006-05-09 03:02

Updated : 2018-10-18 09:31

NVD link : CVE-2006-1172

Mitre link : CVE-2006-1172

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

tdc

cryptomathic_cenroll_activex_control

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://cirt.dk/advisories/cirt-43-advisory.pdf", "name": "http://cirt.dk/advisories/cirt-43-advisory.pdf", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/548689", "name": "VU#548689", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/17852", "name": "17852", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/25282", "name": "25282", "tags": ["Patch"], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1016034", "name": "1016034", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19968", "name": "19968", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/1675", "name": "ADV-2006-1675", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26255", "name": "cryptomathic-primeink-createpkcs10-bo(26255)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/433079/100/0/threaded", "name": "20060505 Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1172", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-09T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:tdc:cryptomathic_cenroll_activex_control:1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:31Z"}