Patch closes three holes in OfficeScan Corporate Edition 7.3
According to a security advisory published by security provider Layered Security, an update for OfficeScan Corporate Edition 7.3 that Trend Micro released a few days ago remedies a security hole in an ActiveX control. According to the bulletin, the cause of the problem is a format string vulnerability in the ATXCONSOLE.OCX control for remote management; attackers can use it to gain control of a PC.
Trend Micro's change log, however, makes no mention of this problem. The log does describe buffer overflows in Wizard.exe (under \PCCSRV\Web_console\RemoteInstallCGI\) and CgiRemoteInstall.exe (under \PCCSRV\Web_console\RemoteInstallCGI\). The vendor does not say whether these overflows can be used for attacks. Whatever the case, users should install the update as quickly as possible.
- OfficeScan Corporate Edition(TM) version 7.3 Patch 1 - build 1146, Patch from Determina
- Advisory: TrendMicro OfficeScan Corporate Edition 7.3, security advisory from Layered Defense
(trk)