Trend Micro OfficeScan OfficeScanSetupINI.dll Remote Buffer Overflow

high Nessus Plugin ID 24683

Synopsis

The remote Windows host is affected by a remote buffer overflow vulnerability.

Description

The remote host is running Trend Micro Antivirus, a commercial antivirus software package for Windows.

The remote version of the installed antivirus is vulnerable to a remote buffer overflow attack.

The issue exists due to a vulnerability in the ActiveX control installed by the OfficeScan server during a web install of the OfficeScan clients. The clients cache this ActiveX control, which can be exploited by a malicious website. An attacker can trigger this issue by enticing a user to click on a malicious link, or by sending the link in an email and urging the user to click on it. Successful exploitation of this issue might result in arbitrary code execution.

Solution

Apply the security patch released by the vendor.

See Also

http://www.nessus.org/u?62e87258

http://www.nessus.org/u?14064dc2

http://www.nessus.org/u?2b2f278b

http://www.nessus.org/u?ad4ca3ae

Plugin Details

Severity: High

ID: 24683

File Name: trendmicro_ofscan_buffer_overflow.nasl

Version: 1.24

Type: local

Agent: windows

Family: Windows

Published: 2/21/2007

Updated: 8/3/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan_corporate_edition

Required KB Items: Antivirus/TrendMicro/installed, Antivirus/TrendMicro/trendmicro_program_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/12/2007

Vulnerability Publication Date: 2/12/2007

Exploitable With

Metasploit (Trend Micro OfficeScan Client ActiveX Control Buffer Overflow)

Reference Information

CVE: CVE-2007-0325

BID: 22585

CWE: 119