Intrusion Prevention

MS.CAPICOM.ActiveX.Remote.Code.Execution

Description

This indicates an attempt to exploit a vulnerability in Microsoft CAPICOM and BizTalk Server.
The vulnerability results from a memory corruption error in the "CAPICOM.Certificates" ActiveX control, in "capicom.dll", when it handles malformed methods. A remote attacker can exploit it to cause a denial of service, or to execute arbitrary commands and take complete control of an affected system. Exploitation requires the attacker to entice a victim into visiting a specially crafted web page.

Affected Products

Microsoft CAPICOM
Microsoft BizTalk Server 2004 Service Pack 1
Microsoft BizTalk Server 2004 Service Pack 2

Impact

System Compromise: Arbitrary command execution.
Denial of Service.

Recommended Actions

Apply the vendor-supplied patch:
http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx

CVE References

CVE-2007-0940