SAINT CorporationSAINT:71551DF888FAC2B692FE8197DD0C6040Trend Micro OfficeScan client ActiveX control buffer overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.4%
Added: 02/21/2007
CVE: CVE-2007-0325
BID: 22585
OSVDB: 33040
Background
Trend Micro OfficeScan is a centralized virus and security scan management system.
Problem
The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is automatically installed on any client which uses the web-based administration console. Exploitation of these buffer overflows by a malicious web page leads to command execution.
Resolution
Upgrade to OfficeScan 7.0 Build 1344, OfficeScan 7.3 Build 1241, or Client/Server/Messaging Security 3.0 Build 1197. For more information see Trend Micro solution ID 1034288.
References
<http://www.kb.cert.org/vuls/id/784369>
Limitations
Exploit works on the ActiveX control which comes with Trend Micro OfficeScan Corporate Edition 7.3. A computer with the vulnerable ActiveX control must load the exploit page in order for the exploit to succeed. The vulnerable ActiveX control is installed if the computer has previously accessed the following URL where OfficeScanServer is the IP address of the OfficeScan server:
> http://OfficeScanServer:8080/
Platforms
Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.4%