CVE-2006-1172

Cryptomathic Cenroll ActiveX Control 1.1.0.0 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1172. PoCs published by Dennis Rand.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Cryptomathic ActiveX control. It demonstrates arbitrary code execution by overwriting EIP and SEH handlers via a malicious HTML page, leading to a crash or potential code execution in the context of the client application.

Description

Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dennis Rand · textremotewindows

https://www.exploit-db.com/exploits/27820

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Cryptomathic ActiveX control. It demonstrates arbitrary code execution by overwriting EIP and SEH handlers via a malicious HTML page, leading to a crash or potential code execution in the context of the client application.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cryptomathic ActiveX control (TDC Digital Signature)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML email · ActiveX control must be installed and enabled

MITRE ATT&CK