Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SignKorea SKCrypAX ActiveX控件多个栈溢出漏洞
Vulnerability Description
SKCrypAX ActiveX控件是韩国银行、股票等在线银行服务常用的证书加密解决方案。 SKCrypAX ActiveX控件实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户机器。 SKCrypAX控件的DownloadCert()、DecryptFileByKey()和EncryptFileByKey()方法没有正确验证某些参数,如果对其传送了超长字符串的话就可能触发栈溢出,导致执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A