CVE-2007-1083
Published 2007-02-23
Priority: P340
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 8.23% (94.2th percentile)
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| verisign | mpki | <= 6.1.3 | — |
| verisign | mpki | — | — |
| verisign | mpki | — | — |
| verisign | mpki | — | — |
| verisign | mpki | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-5959 Multiple flaws in Firefox
bugzilla · 2007-11-21 · CVSS 9.3 [CRITICAL]
Several flaws were found in the way in which Firefox processed certain
malformed web content. A web page containing malicious content could cause
Firefox to crash or potentially execute arbitrary code as the user running
Firefox.
This fixes the following upstream bugs:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=373911%2C391028%2C393326
Discussion:
Lifting embargo
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1084.html
http://rhn.redhat.com/errata/RHSA-2007-1082.html
http://rhn.redhat.com/errata/RHSA-2007-1083.html
Bugzilla
CVE-2007-5947 Mozilla jar: protocol XSS
bugzilla · 2007-11-21 · CVSS 4.3 [MEDIUM]
A cross site scripting flaw was found in the way Firefox handles the jar: URI
scheme. It is possible for a malicious web site to leverage this flaw to
possibly conduct a cross site scripting attack against a Firefox user.
Discussion:
Lifting embargo
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1084.html
http://rhn.redhat.com/errata/RHSA-2007-1082.html
http://rhn.redhat.com/errata/RHSA-2007-1083.html
Bugzilla
CVE-2007-5960 Mozilla Cross-site Request Forgery flaw
bugzilla · 2007-11-21 · CVSS 4.3 [MEDIUM]
A race condition exists when setting the window.location property on a web page.
This flaw could allow a page to set an arbitrary Referer header, which may lead
to a Cross-site Request Forgery (CSRF) attack against websites that rely only on
the Referer header.
Discussion:
Lifting embargo
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1084.html
http://rhn.redhat.com/errata/RHSA-2007-1082.html
http://rhn.redhat.com/errata/RHSA-2007-1083.html
References
http://attrition.org/pipermail/vim/2007-February/001384.html
http://attrition.org/pipermail/vim/2007-February/001385.html
http://jvn.jp/cert/JVNVU%23308087/index.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=479
http://osvdb.org/33479
http://secunia.com/advisories/24249
http://www.jpcert.or.jp/at/2007/at070006.txt
http://www.kb.cert.org/vuls/id/308087
http://www.securityfocus.com/bid/22671
http://www.securityfocus.com/bid/22676
http://www.securitytracker.com/id?1017692
http://www.securitytracker.com/id?1017693
http://www.securitytracker.com/id?1017694
http://www.vupen.com/english/advisories/2007/0702
https://download.verisign.co.jp/support/announce/20070216.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/32639