In association with heise online

02 October 2006, 15:07

Patch closes three holes in OfficeScan Corporate Edition 7.3

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a security advisory published by security provider Layered Security, an update for OfficeScan Corporate Addition 7.3 released a few days ago by Trend Micro, remedies a security hole in an ActiveX control. According to the bulletin, a weak point in the format string in the ATXCONSOLE.OCX control for remote management is the cause of the problem; attackers can use it to gain control of a PC.

But there is no mention of this problem in Trend Micro's change log. However, the log does describe a buffer overflow in Wizard.exe (under \PCCSRV\Web_console\RemoteInstallCGI\) and CgiRemoteInstall.exe (under \PCCSRV\Web_console\RemoteInstallCGI\). The vendor does not say whether these overflows can be used for attacks. Whatever the case, users should install the update as quickly as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit