Test ID: 1.3.6.1.4.1.25623.1.0.900016
Category: Buffer overflow
Title: Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
Summary: Trend Micro OfficeScan is prone to an ActiveX control buffer overflow vulnerability.
Description:
Summary:
Trend Micro OfficeScan is prone to an ActiveX control buffer
overflow vulnerability.

Vulnerability Insight:
The flaws are due to an error in the objRemoveCtrl control, which is used to display
certain properties (e.g., Server, ServerIniFile, etc.) and their values when it is embedded
in a web page. These property values can be overflowed to cause a stack-based buffer overflow.

Vulnerability Impact:
Successful exploitation could allow remote attackers to
execute arbitrary code.

Affected Software/OS:
OfficeScan 7.3 build 1343 (Patch 4) and prior on Windows (All).

Trend Micro Worry-Free Business Security (WFBS) version 5.0

Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6

Solution:
Upgrade to OfficeScan 10 or later.

Quick Fix: Set the killbit for the following CLSID:
{5EFE8CB1-D095-11D1-88FC-0080C859833B}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3364
BugTraq ID: 30407
http://www.securityfocus.com/bid/30407
https://www.exploit-db.com/exploits/6152
http://www.securitytracker.com/id?1020569
http://secunia.com/advisories/31277
http://secunia.com/advisories/31440
http://securityreason.com/securityalert/4061
http://www.vupen.com/english/advisories/2008/2220/references
XForce ISS Database: trendmicro-officescan-objremovectrl-bo(44042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44042
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.