Показано с 1 по 2 из 2.

Trend Micro OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String Vulnerability

  1. #1
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Shu_b
    Регистрация
    02.11.2004
    Сообщений
    3,553
    Вес репутации
    1636

    Trend Micro OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String Vulnerability

    Trend Micro OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String Vulnerability
    Secunia Advisory: SA22224 Release Date: 2006-10-02

    Ошибка форматной строки в ActiveX TrendMicro OfficeScan (format string) (в библиотеке элементов управления ATXCONSOLE.OCX).
    security.nnov.ru

    Critical: Moderately critical
    Impact: DoS; System access
    Where: From local network
    Solution Status: Vendor Patch

    Software: Trend Micro OfficeScan Corporate Edition 7.x


    Description:
    A vulnerability has been reported in Trend Micro OfficeScan Corporate Edition, which can be exploited by malicious people to potentially compromise a user's system.

    The vulnerability is caused due to a format string error within the "ATXCONSOLE.OCX" ActiveX Control. This can potentially be exploited to execute arbitrary code by sending a specially crafted string back to the Management Console's Remote Client Install name search.

    The vulnerability has been reported in Trend Micro OfficeScan Corporate Edition 7.3. Other versions may also be affected.

    Solution: Reportedly, this has been fixed in OfficeScan Corporate Edition 7.3 Patch 1.

    Provided and/or discovered by: Deral Heiland, Layered Defense
    Original Advisory: http://www.layereddefense.com/TREND01OCT.html
    Последний раз редактировалось Shu_b; 03.10.2006 в 11:08.

  2. Реклама
     

  3. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Shu_b
    Регистрация
    02.11.2004
    Сообщений
    3,553
    Вес репутации
    1636

    Trend Micro OfficeScan Client Removal and Arbitrary File Deletion

    Trend Micro OfficeScan Client Removal and Arbitrary File Deletion
    Secunia Advisory: SA22156 Release Date: 2006-10-03

    Critical: Moderately critical
    Impact:
    Manipulation of data; DoS
    Where: From local network
    Solution Status: Vendor Patch

    Software:

    Trend Micro OfficeScan Corporate Edition 6.x
    Trend Micro OfficeScan Corporate Edition 7.x

    Description:
    Some vulnerabilities have been reported in Trend Micro OfficeScan Corporate Edition, which can be exploited by malicious people to cause a DoS (Denial of Service) or delete arbitrary files on a vulnerable system.

    The vulnerabilities are caused due to unspecified errors within the OfficeScan CGI application. This can be exploited to silently remove OfficeScan clients or delete arbitrary files on an affected OfficeScan server by sending a specially crafted HTTP POST or GET request.

    Solution:
    OfficeScan Corporate Edition 6.5: http://www.trendmicro.com/ftp/produc...atch_b1418.exe
    OfficeScan Corporate Edition 7.0: http://www.trendmicro.com/ftp/produc...atch_b1257.exe
    OfficeScan Corporate Edition 7.3: http://www.trendmicro.com/ftp/produc...atch_b1053.exe

    Provided and/or discovered by: Reported by the vendor.

    Original Advisory: http://www.trendmicro.com/download/p...sp?productid=5

Похожие темы

  1. Обзор Trend Micro OfficeScan Client-Server Edition
    От ALEX(XX) в разделе Антивирусы
    Ответов: 0
    Последнее сообщение: 24.06.2010, 00:17
  2. Quake 4, Doom 3, Prey 1.3 Engine Format String Vulnerability
    От Shu_b в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 03.10.2007, 08:42
  3. Apache HTTP Server mod_tcl set_var Format String Vulnerability
    От Shu_b в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 16.10.2006, 09:02
  4. Ответов: 3
    Последнее сообщение: 03.08.2006, 12:02
  5. McAfee WebShield SMTP Format String Vulnerability
    От Shu_b в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 05.04.2006, 08:26

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.00668 seconds with 18 queries