Lucene search
SAINT CorporationSAINT:43EBAD70D2578645DB6917EC82AD3275HistoryAug 11, 2008 - 12:00 a.m.
Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow
2008-08-1100:00:00
SAINT Corporation
www.saintcorporation.com
16
0.639 Medium
EPSS
Percentile
97.9%
Added: 08/11/2008
CVE: CVE-2008-3364
BID: 30407
OSVDB: 47213
Background
Trend Micro OfficeScan is a centralized virus and security scan management system.
Problem
A buffer overflow in the objRemoveCtrl ActiveX control, which is automatically installed when OfficeScan is installed through the server web console, allows command execution when invoked with a long, specially crafted Server property.
Resolution
Apply a security patch from Trend Micro.
References
<http://www.frsirt.com/english/advisories/2008/2220/references>
Limitations
Exploit works on the ActiveX control which comes with Trend Micro OfficeScan 7.3.
The vulnerable ActiveX component is installed by accessing the following URL: http://<OfficeScan Server>:8080/
Platforms
Windows
Related
seebug
seebug
Trend Micro产品ObjRemoveCtrl类缓冲区溢出漏洞
2008-08-12 00:00:00
cve
cve
CVE-2008-3364
2008-07-30 16:41:00
saint
saint
Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow
2008-08-11 00:00:00
Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow
2008-08-11 00:00:00
Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow
2008-08-11 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Buffer overflow
2008-07-30 16:41:00
cvelist
cvelist
CVE-2008-3364
2008-07-30 16:03:00
openvas
openvas
Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
2008-08-22 00:00:00
Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
2008-08-22 00:00:00
nvd
nvd
CVE-2008-3364
2008-07-30 16:41:00
d2
d2
DSquare Exploit Pack: D2SEC_OFFICESCAN
2008-07-30 16:41:00