MS.CAPICOM.ActiveX.Remote.Code.Execution
Description
This indicates an attempt to exploit a vulnerability in Microsoft CAPICOM and BizTalk Server.
The vulnerability results from a memory corruption error in the "CAPICOM.Certificates" ActiveX control, in "capicom.dll", when it handles malformed methods. A remote attacker can exploit it to cause a denial of service, or to execute arbitrary commands and take complete control of an affected system. To do so, the attacker must entice a victim into visiting a specially crafted web page.
Affected Products
Microsoft CAPICOM
Microsoft BizTalk Server 2004 Service Pack 1
Microsoft BizTalk Server 2004 Service Pack 2
Impact
System Compromise: Arbitrary command execution.
Denial of Service.
Recommended Actions
Apply the vendor-supplied patch:
http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx
Coverage
IPS (Regular DB)
IPS (Extended DB)