Trend Micro OfficeScan ActiveX Buffer Overflow Issue

Solution ID: EN-1037899

Product: Client Server Messaging Security for SMB - 3.5, 3.6; OfficeScan - 7.3, 8.0; Worry-Free Business Security - 5.0; OfficeScan - 7.0

Operating System: SP 6a; Windows 2000 Server - SP4; Windows NT 4.0; Windows Server 2003 Standard Edition - SP1; Windows Vista; Windows XP; Windows 2000 Advanced Server - SP4

Published: 4/22/2009 7:41 PM

Problem: Trend Micro OSCE Vulnerability Disclosure

Solution: Public

I. Description:

Trend Micro has become aware of an issue that affects some versions of Trend Micro OfficeScan (OSCE) whereby a remote user could cause a buffer overflow and execute arbitrary code in the context of the currently logged-in user.

II. Products Affected:

This issue affects the following Trend Micro products and versions:

Trend Micro OfficeScan (OSCE) versions 7.0, 7.3, and 8.0
Trend Micro Worry-Free Business Security (WFBS) version 5.0
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6

III. Background:

The OfficeScan Web Console utilizes several ActiveX controls when deploying the product through its Web interface. One of these controls, objRemoveCtrl, has been found to be vulnerable to a stack-based buffer overflow when embedded in a webpage. An attacker could exploit this issue by enticing a victim into viewing a malicious web page. A successful exploit would allow attacker-supplied code to run in the context of the currently logged-in user.

IV. Impact:

A potential attacker could entice a user into visiting a malicious webpage and, by exploiting this issue, execute arbitrary code with that user's privileges.

Please note that only clients that were installed via the Web console would be vulnerable, because the ActiveX control is downloaded during that installation. Clients installed via other methods would not be affected.

V. Workaround:

A temporary workaround has been identified for this issue. Administrators may set the kill bit to prevent the objRemoveCtrl from running in Internet Explorer.

For more information, please read the following information from Microsoft:

How to stop an ActiveX control from running in Internet Explorer

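The kill-bit workaround above, as an added PowerShell example that is not part of the Trend Micro advisory: it writes the kill bit for the control's CLSID, preserves any compatibility flags already present, and verifies the result. It assumes an elevated PowerShell session on an affected client (PowerShell is not present on the Windows 2000 and NT 4.0 hosts in the product list) and uses a placeholder CLSID, since the advisory does not give the real one.

```powershell
# Added example (not Trend Micro's): set the Internet Explorer kill bit for the
# objRemoveCtrl ActiveX control as an interim mitigation until the patch is applied.
# The CLSID below is a PLACEHOLDER; the advisory does not list it. Take the real
# value from the control's registration on an affected client and replace it.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'   # placeholder, replace me
$KillBit = 0x400   # "Compatibility Flags" bit Microsoft documents as the kill bit

function Get-KillBitPaths {
    # Key IE consults before instantiating a control; Wow6432Node exists only on 64-bit Windows.
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    return $paths
}

function Test-ControlRegistered {
    # Only clients deployed via the Web console carry the control; a registered
    # CLSID under HKCR is a quick indication that this host is one of them.
    return (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid")
}

function Set-KillBit {
    foreach ($p in Get-KillBitPaths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        $current = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the bit in so any other compatibility flags already set are preserved.
        $new = [int]$current -bor $KillBit
        Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-KillBit {
    # True only if every applicable key carries the kill bit.
    foreach ($p in Get-KillBitPaths) {
        $v = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        if (($null -eq $v) -or (($v -band $KillBit) -eq 0)) { return $false }
    }
    return $true
}

if (Test-ControlRegistered) { Write-Host "objRemoveCtrl CLSID $Clsid is registered on this host." }
Set-KillBit
if (Test-KillBit) { Write-Host "Kill bit set for $Clsid." } else { Write-Warning "Kill bit could not be verified for $Clsid." }
```

On hosts without PowerShell, the same registry change can be made with reg.exe or a .reg file that sets the DWORD "Compatibility Flags" to 0x400 under the same key; remove the entry again once the permanent patch below is installed.
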
VI. Permanent Solution:

To address this issue, Trend Micro has released the following patches for the affected products and versions as listed below:

Trend Micro OfficeScan 7.0 Critical Patch - Build 1395 Server and Client Module
Trend Micro OfficeScan 7.3 Critical Patch - Build 1355 Server and Client Module
Trend Micro OfficeScan 8.0 Critical Patch - Build 1347 Server and Client Module
Trend Micro OfficeScan 8.0 Service Pack 1 Critical Patch - Build 2392 Server and Client Module
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1 Critical Patch - Build 3034 Server and Client
Worry-Free Business Security 5.0 - Client/Server Security Agent Critical Patch - Build 1400
Trend Micro Client Server Messaging Security 3.5 Critical Patch - Build 1167 Server and Client
Trend Micro Client Server Messaging Security 3.6 Critical Patch - Build 1190 Server and Client

If you are still experiencing error messages after applying this latest update, please contact your local Trend Micro Technical Support for additional assistance.


  