Vulnerabilities > CVE-2007-1955 - Buffer Overflow vulnerability in Signkorea Skcommax Activex Control 5.4.1.2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

signkorea

critical

NVD

Published: 2007-04-11

Updated: 2008-11-13

Summary

Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Signkorea Signkorea Skcommax Activex Control 5.4.1.2	1

References

http://osvdb.org/34322
http://secunia.com/advisories/24820
http://www.securityfocus.com/bid/23374