Release DateJan 05, 2012 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a Code Execution vulnerability in Ultra Crypto Component.The vulnerability is located in the "CryptoX.dll" ActiveX control with overlay long argument to the "SaveToFile" method. It may allow remote attackers to download and install arbitrary files in vulnerable systems. |
Affected ProductsUltra Shareware Ultra Crypto Component 0 |
Recommended ActionsSet the kill bit for the following classid:{FD22F3AE-1450-4BDC-ADBE-6AF210A78C2C} |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-4902 |
Reference/shttp://securitytracker.com/alerts/2007/Sep/1018675.htmlhttp://www.milw0rm.com/exploits/4388 http://www.securityfocus.com/bid/25611 (BugTraq) |
