In association with heise online

30 July 2008, 14:10

Trend Micro’s OfficeScan vulnerable

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers can use a vulnerability in Trend Micro’s OfficeScan to penetrate a PC via the internet, according to a Full Disclosure mailing list report by security specialist Elazar Broad. The cause of the problem is a buffer overflow in an ActiveX control for web deployment, which occurs when manipulated configuration parameters are displayed. According to the report, that makes it possible to inject and execute code in a system. The victim has to visit a manipulated website for the attack to be successful. Also, the OfficeScan client has to be installed on the network.

The affected version is 7.3 build 1343(patch 4); previous versions may also contain the vulnerability. There is still no official update. A workaround is to set a kill-bit for the vulnerable control (CLSID 5EFE8CB1-D095-11D1-88FC-0080C859833B) to prevent Internet Explorer from loading it. It is unknown whether the current version 8 contains the bug.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit