what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

trendmicro-activex.txt

trendmicro-activex.txt
Posted Jul 29, 2008
Authored by Elazar Broad

OfficeScan versions 7.3 build 1343 Patch 4 and below from Trend Micro suffer from an ActiveX related buffer overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 0c2b50cf8236ae8bf547a71005cc9d2fd221cd85aa987b33776ee4ecb0137c00

trendmicro-activex.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who:
Trend Micro
http://www.trendmicro.com

What:
OfficeScan 7.3 build 1343(Patch 4) and older
http://www.trendmicro.com/download/product.asp?productid=5

How:
OfficeScan's Web Console utilizes several ActiveX controls when
deploying the product through the web interface. One of these
controls, objRemoveCtrl, is vulnerable to a stack-based buffer
overflow when embedded in a webpage. The one caveat to this issue
is that the control must be embedded in such a way that it CAN be
visible, i.e. obj = new ActiveXObject() will not work. The issue
lies in the code that is used to display certain properties and
their values on the control when it is embedded in a page.

OfficeScanRemoveCtrl.dll, version 7.3.0.1020
{5EFE8CB1-D095-11D1-88FC-0080C859833B}
Commonly located: systemdrive\Windows\Downloaded Program Files
CAB location on server: officescan install
path\OfficeScan\PCCSRV\Web_console\ClientInstall\RemoveCtrl.cab


The following properties are vulnerable:

HttpBased
LatestPatternServer
LatestPatternURL
LocalServerPort
MasterDirectory
MoreFiles
PatternFilename
ProxyLogin
ProxyPassword
ProxyPort
ProxyServer
RegistryINIFilename
Server
ServerIniFile
ServerPort
ServerSubDir
ServiceDisplayName
ServiceFilename
ServiceName
ShellExtensionFilename
ShortcutFileList
ShortcutNameList
UninstallPassword
UnloadPassword
UseProxy

Workaround:
Set the killbit for the affected control. See
http://support.microsoft.com/KB/240797

Fix:
As stated below, reportedly there are patches for this issue,
however, I have been able to exploit this issue in a test
environment running OfficeScan 7.3 patch 4(latest available patch).

Timeline:
06/27/2008 -> Vulnerability discovered and reported to iDefense
07/02/2008 <- Request for further information
07/16/2008 <- iDefense states that patches exist which resolve this
issue
07/16/2008 -> Request clarification regarding which patches resolve
this issue. No response
07/20/2008 -> Follow up regarding patches. No response
07/28/2008 - Disclosure
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAkiN/hsACgkQi04xwClgpZiTrQP+M9MX2MgvLk+HaMgmYghBRQaTG89M
bb0RywlP2UY6/P9qIk0W3AfI1UsVZUPcTduvo+/BKIR7s5M/m+VTa74lEMH5FHQ17QZ6
tAAKI/TYGl7YWG/+4Zj7n8hpjIhT7AahtjbASTwUxSv3pFet/9DMM9nrCXolR0+bsajy
nJzOnmg=
=kQK+
-----END PGP SIGNATURE-----

--
Discover hidden treasures! Click now for a new metal detector!
http://tagline.hushmail.com/fc/Ioyw6h4c5jwe35WKO72pIZH3J68Qr1p1BCzmhxGSAr9zTajkwjyaNq/

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close