Trend Micro OfficeScan is a centralized virus and security scan management system.
A buffer overflow in the objRemoveCtrl ActiveX control, which is automatically installed when OfficeScan is installed through the server web console, allows command execution when invoked with a long, specially crafted Server property.
Apply a security patch from Trend Micro.
Exploit works on the ActiveX control which comes with Trend Micro OfficeScan 7.3.
The vulnerable ActiveX component is installed by accessing the following URL: http://<OfficeScan Server>:8080/