|
 |
|
OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA22224
|
|
|
Release Date:
|
2006-10-02
|
|
Last Update:
|
2006-10-12
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Trend Micro OfficeScan Corporate Edition 7.x
|
| | CVE reference: | CVE-2006-5157 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in Trend Micro OfficeScan Corporate Edition, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a format string error within the "ATXCONSOLE.OCX" ActiveX Control. This can potentially be exploited to execute arbitrary code by sending a specially crafted string back to the Management Console's Remote Client Install name search.
The vulnerability has been reported in Trend Micro OfficeScan Corporate Edition 7.3. Other versions may also be affected.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Reportedly, this has been fixed in OfficeScan Corporate Edition 7.3 Patch 1.
Provided and/or discovered by:
Deral Heiland, Layered Defense
Changelog:
2006-10-05: Added CVE reference.
2006-10-12: Added US-CERT reference.
Original Advisory:
http://www.layereddefense.com/TREND01OCT.html
Other References:
US-CERT VU#788860:
http://www.kb.cert.org/vuls/id/788860
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
8 Related Secunia Security Advisories
|
|
|
1. Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows
|
|
2. Trend Micro Scan Engine Tmxpflt.sys Privilege Escalation Vulnerability
|
|
3. Trend Micro OfficeScan CGI Modules Buffer Overflow and Authentication Bypass
|
|
4. Trend Micro Products UPX Processing Denial of Service
|
|
5. Trend Micro OfficeScan Client ActiveX Control Buffer Overflows
|
|
6. Trend Micro Products UPX Processing Buffer Overflow Vulnerability
|
|
7. Trend Micro Products RAR Processing Denial Of Service
|
|
8. Trend Micro OfficeScan Client Removal and Arbitrary File Deletion
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
