CERT-In Vulnerability Note CIVN-2008-115
Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class Buffer Overflow Vulnerabilities
Original Issue Date:
August 05, 2008
Severity Rating:
High
System Affected
- Trend Micro OfficeScan Corporate Edition 7.x
Overview
Multiple buffer overflow vulnerabilities have been reported in the Trend Micro OfficeScan ObjRemoveCtrl ActiveX control. These vulnerabilities could be exploited by a remote attacker to gain access to a vulnerable system by executing arbitrary code.
Description
Trend Micro OfficeScan's Web Console uses several ActiveX controls when deploying the product through the web interface. An ActiveX control named “objRemoveCtrl” in OfficeScanRemoveCtrl.dll is vulnerable to stack-based buffer overflows when embedded within a web page.
A remote attacker could exploit this vulnerability by enticing a user to visit a specially crafted web page that passes an overly long argument to the vulnerable properties, which causes the buffer to overflow and leads to the execution of arbitrary code on the system.
Workaround
Set the kill-bit for the affected ActiveX control.
For more information about how to set the kill bit:
http://support.microsoft.com/KB/240797
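The workaround above, as an added PowerShell example (not CERT-In or Trend Micro code). This note does not list the control's CLSID, so the script resolves it from the local registration of OfficeScanRemoveCtrl.dll; the function names are hypothetical, and the registry key and the 0x400 flag are the kill-bit mechanism described in the Microsoft article.

```powershell
# Added example: set the Internet Explorer kill bit for the control in OfficeScanRemoveCtrl.dll.
# Run from an elevated prompt. Function names are hypothetical.
$KillBit = 0x400   # "Compatibility Flags" value that stops IE from instantiating the control
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Find-ControlClsid {
    # Resolve CLSIDs whose in-process server is the named DLL (native and 32-bit views).
    param([string]$DllName = 'OfficeScanRemoveCtrl.dll')
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    $found = foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $inproc = Join-Path $_.PSPath 'InprocServer32'
            $server = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
            if ($server -like "*$DllName*") { $_.PSChildName }
        }
    }
    $found | Sort-Object -Unique
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path $root)) { continue }   # no WOW6432Node view on 32-bit Windows
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $old = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = [int]$old -bor $KillBit             # preserve any flags already present
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
        [pscustomobject]@{ Key = $key; Flags = ('0x{0:X8}' -f $new) }   # report what was written
    }
}

$clsids = @(Find-ControlClsid)
if (-not $clsids) {
    Write-Warning 'Control not registered on this host; pass its CLSID to Set-KillBit directly.'
}
$clsids | ForEach-Object { Set-KillBit -Clsid $_ }
```

The kill bit can also be set on hosts where the control is not yet installed by calling Set-KillBit with the CLSID obtained from the vendor's advisory.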
References
NEOHAPSIS
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0509.html
X-Force
http://xforce.iss.net/xforce/xfdb/44042
FrSIRT
http://www.frsirt.com/english/advisories/2008/2220/references
SecurityTracker
http://securitytracker.com/alerts/2008/Jul/1020569.html
Secunia
http://secunia.com/advisories/31277/
SecurityFocus
http://www.securityfocus.com/bid/30407/info
CVE Name
CVE-2008-3364
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
