Trend Micro OfficeScan 'OfficeScanRemoveCtrl.dll' ActiveX Multiple Buffer Overflow Vulnerabilities
BID:30407
Info
| Bugtraq ID: | 30407 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-3364 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | Elazar Broad <[email protected]> |
| Vulnerable: | Trend Micro Worry-Free Business Security 5.0; Trend Micro OfficeScan Corporate Edition 8.0; Trend Micro OfficeScan Corporate Edition 7.3; Trend Micro OfficeScan Corporate Edition 7.0; Trend Micro Client Server Messaging Security for SMB 3.6; Trend Micro Client Server Messaging Security for SMB 3.5 |
| Not Vulnerable: | |
Discussion
A Trend Micro OfficeScan ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.
An attacker can exploit these issues by enticing a victim into viewing a malicious web page. A successful exploit will allow attacker-supplied code to run in the context of the currently logged-in user.
The following products are vulnerable:
- OfficeScan 7.0
- OfficeScan 7.3
- OfficeScan 8.0
- Worry-Free Business Security 5.0
- Client Server Messaging Security for SMB 3.5
- Client Server Messaging Security for SMB 3.6
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released updates and an advisory. Please see the references for more information.
References
References:
- [Full-disclosure] Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control Buffer Ov (Elazar Broad)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Re: [Full-disclosure] Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control Buffe (Elazar Broad (elazarhushmail.com))
- Trend Micro OfficeScan Homepage (Trend Micro)
- Trend Micro OfficeScan ActiveX Buffer Overflow Issue (Trend Micro)