
Test ID: 1.3.6.1.4.1.25623.1.0.900016
Category: Buffer overflow
Title: Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
Summary: Trend Micro OfficeScan is prone to an ActiveX control buffer overflow vulnerability.
Description:
Summary:
Trend Micro OfficeScan is prone to an ActiveX control buffer
overflow vulnerability.

Vulnerability Insight:
The flaws are due to an error in the objRemoveCtrl control, which is used to display
certain properties (e.g., Server, ServerIniFile, etc.) and their values when it is embedded
in a web page. These property values can be overflowed to cause a stack-based overflow.

Vulnerability Impact:
Successful exploitation could allow remote attackers to
execute arbitrary code.

Affected Software/OS:
OfficeScan 7.3 build 1343 (Patch 4) and prior on Windows (All).

Trend Micro Worry-Free Business Security (WFBS) version 5.0

Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6

Solution:
Upgrade to OfficeScan 10 or later.

Quick Fix: Set the kill bit for the following CLSID:
{5EFE8CB1-D095-11D1-88FC-0080C859833B}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3364
BugTraq ID: 30407
http://www.securityfocus.com/bid/30407
https://www.exploit-db.com/exploits/6152
http://www.securitytracker.com/id?1020569
http://secunia.com/advisories/31277
http://secunia.com/advisories/31440
http://securityreason.com/securityalert/4061
http://www.vupen.com/english/advisories/2008/2220/references
XForce ISS Database: trendmicro-officescan-objremovectrl-bo(44042)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44042
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.