5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.222 Low
EPSS
Percentile
96.5%
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the “Management Console’s Remote Client Install name search”.
CPE | Name | Operator | Version |
---|---|---|---|
trend_micro:officescan | trend micro officescan | eq | corporate_7.3 |
secunia.com/advisories/22224
securityreason.com/securityalert/1682
securitytracker.com/id?1016963
www.kb.cert.org/vuls/id/788860
www.layereddefense.com/TREND01OCT.html
www.securityfocus.com/archive/1/447498/100/0/threaded
www.securityfocus.com/bid/20284
www.vupen.com/english/advisories/2006/3870
exchange.xforce.ibmcloud.com/vulnerabilities/29308