[security-alerts] FW: [SA25185] CAPICOM CAPICOM.Certificates ActiveX Control Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> CAPICOM CAPICOM.Certificates ActiveX Control Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA25185
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25185/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft BizTalk Server 2004
> http://secunia.com/product/14160/
> CAPICOM 2.x
> http://secunia.com/product/14159/
> Platform SDK Redistributable: CAPICOM 2.x
> http://secunia.com/product/14158/
> 
> DESCRIPTION:
> A vulnerability has been reported in CAPICOM (Cryptographic API
> Component Object Model), which can be exploited by malicious people
> to compromise a user's system.
> 
> The vulnerability is caused due to an unspecified error in the
> CAPICOM.Certificates ActiveX control (CAPICOM.dll) when handling
> certain input.
> 
> Successful exploitation allows execution of arbitrary code when a
> user e.g. visits a malicious web site.
> 
> NOTE: Other unspecified issues discovered internally by Microsoft
> have also been reported.
> 
> SOLUTION:
> Apply patches.
> 
> CAPICOM:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CA930
> 018-4A66-4DA6-A6C5-206DF13AF316
> 
> Platform SDK Redistributable CAPICOM:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CA930
> 018-4A66-4DA6-A6C5-206DF13AF316
> 
> BizTalk Server 2004 SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CA930
> 018-4A66-4DA6-A6C5-206DF13AF316
> 
> BizTalk Server 2004 SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=CA930
> 018-4A66-4DA6-A6C5-206DF13AF316
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Chris Ries, VigilantMinds Inc.
> 
> ORIGINAL ADVISORY:
> MS07-028 (KB931906):
> http://www.microsoft.com/technet/security/Bulletin/MS07-028.mspx
>