Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

TrendMicro OfficeScan Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for OfficeScan stack overflows

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server is vulnerable to remote code execution.

Description :

The remote host appears to be running Trend Micro OfficeScan Server.

This version of OfficeScan is vulnerable to multiple stack overflows in
CGI programs which may allow a remote attacker to execute code in
the context of the remote server.

Note that the OfficeScan server under Windows runs with SYSTEM privileges,
which means an attacker who exploits these flaws can gain complete control of the affected host.

In addition, there is a format string vulnerability in the
'ATXCONSOLE.OCX' ActiveX Control that may allow for remote code
execution via malicious input to the console's Remote Client Install
name search, as well as flaws that might allow for removal of the
OfficeScan client or of arbitrary files from the remote host.

Solution :

TrendMicro has released 2 patches for OfficeScan 7.3:

Threat Level:

High / CVSS Base Score : 7.0



P.O. Box 827051

Pembroke Pines, FL 33082-7051
