MS.CAPICOM.ActiveX.Remote.Code.Execution

Description

This indicates an attempt to exploit a vulnerability in Microsoft CAPICOM and BizTalk Server.
The vulnerability is a result of a memory corruption error that occurs in the "CAPICOM.Certificates" ActiveX Control, in "capicom.dll", when handling malformed methods. Remote attackers can exploit it to cause a Denial of Service, or to execute arbitrary commands and take complete control of an affected system. The attacker must entice a victim into visiting a specially crafted web page.

Affected Products

Microsoft CAPICOM
Microsoft BizTalk Server 2004 Service Pack 1
Microsoft BizTalk Server 2004 Service Pack 2

Impact

System Compromise: Arbitrary command execution.
Denial of Service.

Recommended Actions

Apply the vendor-supplied patch:
http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx

Coverage

IPS (Regular DB)
IPS (Extended DB)