Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This Remote host is installed with Trend Micro OfficeScan, which is prone to ActiveX control buffer overflow vulnerability.
Insight
Insight
The flaws are due to an error in objRemoveCtrl control, which is used to display certain properties (eg., Server, ServerIniFile etc..) and their values when it is embedded in a web page. These property values can be overflowed to cause stack based overflow.
Affected Software
Affected Software
OfficeScan 7.3 build 1343 (Patch 4) and prior on Windows (All). Trend Micro Worry-Free Business Security (WFBS) version 5.0 Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6
Solution
Solution
Upgrade to OfficeScan 10 or later. Quick Fix: Set killbits for the following clsid's {5EFE8CB1-D095-11D1-88FC-0080C859833B}