VeriSign ConfigChk ActiveX Control (VSCnfChk.dll) Buffer Overflow
Medium Nessus Plugin ID 24734
Synopsis
The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.

Description
The ConfigChk ActiveX control, included with VeriSign's PKI product on the remote host and marked as safe for scripting, is reportedly affected by a buffer overflow vulnerability involving its 'VerCompare()' method.
If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the host subject to the user's privileges.

Solution
Apply the vendor patch and verify that the file version of the associated 'VSCnfChk.dll' is 18.104.22.168 or later.