Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Buffer Overflows - Advisories - Secunia(情報元のブックマーク数)

IT セキュリティ

TrencmicroのウイルスバスターCorp7.3系のActiveXバッファオーバーフロー脆弱性が存在するとのこと。

Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.

Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.

The vulnerabilities are confirmed in version 7.3 build 1343(Patch 4). Other versions may also be affected.

Security Advisory SA31277 - Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Buffer Overflows - Secunia

これとは、ちがうのかなぁ・・・

<!--
 Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control Buffer Overflow Exploit written by e.b.
 Tested on Windows XP SP2(fully patched) English, IE6 + IE7, OfficeScan 7.3 patch 4, OfficeScanRemoveCtrl.dll version 7.3.0.1020
 The control is installed when you install OfficeScan through the server web console.
 This was fixed in OfficeScan 8.x(uses strcpy_s which throws INVALID_PARAMETER, still crashes the browser though)
 Thanks to h.d.m. and the Metasploit crew
-―>

http://www.milw0rm.com/exploits/6152

関連記事

screenshot