Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)
A vulnerability has been found in an ActiveX object distributed as part of TDC's Microsoft CSP suite.
The suite consists of Cryptomathic PrimeInk CSP and some ActiveX objects. The primary task of the CSP is to handle private RSA keys that are encrypted by keys derived from the user-provided passwords. The ActiveX objects assist in key management operations such as certificate request generation, installation of issued certificates, key and certificate backup/recovery, and change of password.
The PrimeInk CSP product and the ActiveX utility objects are developed by Cryptomathic for TDC Digital Certificates adhering to the Danish OCES certificate policy.
While Cryptomathic PrimeInk CSP is used by many institutions around the world, the ActiveX objects have only been distributed as part of TDC's Microsoft CSP suite in Denmark.
The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website. Such a website calls the installed ActiveX component; an email with an embedded HTML page could also be used to trigger the overflow.
The full advisory can be read at http://www.cirt.dk/advisories/cirt-43-advisory.pdf
CIRT.DK