Site icon Liquidmatrix Security Digest

Trend Micro OfficeScan Web-Deployment Buffer Overflow

This problem with Trend Micro was issued yesterday.

From Secunia:

Description:
Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system.

The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.

Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.

I can only imagine that this same problem exists in Symantec’s antivirus.

Article Link

Exit mobile version