Trend Micro’s OfficeScan vulnerable
Attackers can use a vulnerability in Trend Micro’s OfficeScan to penetrate a PC via the internet, according to a Full Disclosure mailing list report by security specialist Elazar Broad. The cause of the problem is a buffer overflow in an ActiveX control for web deployment, which occurs when manipulated configuration parameters are displayed. According to the report, that makes it possible to inject and execute code in a system. The victim has to visit a manipulated website for the attack to be successful. Also, the OfficeScan client has to be installed on the network.
The affected version is 7.3 build 1343(patch 4); previous versions may also contain the vulnerability. There is still no official update. A workaround is to set a kill-bit for the vulnerable control (CLSID 5EFE8CB1-D095-11D1-88FC-0080C859833B) to prevent Internet Explorer from loading it. It is unknown whether the current version 8 contains the bug.
See also:
- Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control Buffer Overflow Vulnerability, bug report by Elazar Broad
(trk)