Trend Micro OfficeScan client ActiveX control buffer overflow

Added: 02/21/2007
CVE: CVE-2007-0325
BID: 22585
OSVDB: 33040

Background

Trend Micro OfficeScan is a centralized virus and security scan management system.

Problem

The OfficeScan Web-Deployment SetupINICtrl ActiveX control, which is vulnerable to buffer overflows in multiple methods, is automatically installed on any client which uses the web-based administration console. Exploitation of these buffer overflows by a malicious web page leads to command execution.

Resolution

Upgrade to OfficeScan 7.0 Build 1344, OfficeScan 7.3 Build 1241, or Client/Server/Messaging Security 3.0 Build 1197. For more information see Trend Micro solution ID 1034288.

References

http://www.kb.cert.org/vuls/id/784369

Limitations

Exploit works on the ActiveX control which comes with Trend Micro OfficeScan Corporate Edition 7.3. A computer with the vulnerable ActiveX control must load the exploit page in order for the exploit to succeed. The vulnerable ActiveX control is installed if the computer has previously accessed the following URL where OfficeScanServer is the IP address of the OfficeScan server:
http://OfficeScanServer:8080/

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2

Back to exploit index