Trend Micro OfficeScan 'ATXCONSOLE.OCX' ActiveX控件格式串处理漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193302 漏洞类型 格式化字符串
发布时间 2006-10-05 更新时间 2006-10-09
CVE编号 CVE-2006-5157 CNNVD-ID CNNVD-200610-061
漏洞平台 N/A CVSS评分 5.1
|漏洞来源
https://cxsecurity.com/issue/WLB-2006100048
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-061
|漏洞详情
TrendMicroOfficeScan是一种针对整个网段的分布式杀毒软件。TrendMicroOfficeScan企业版的管理控制台ActiveX控件ATXCONSOLE.OCX没有正确地处理格式串,返回给管理控制台的远程客户端安装名称搜索的特制格式串可能允许访问进程栈。如果成功利用的话,用户可能在运行ActiveX管理控制台的系统上执行任意代码。
|漏洞EXP
Layered Defense Research Advisory 1 October 2006

==================================================

1) Affected Software TrendMicro OfficeScan Corporate Edition 7.3

==================================================

2) Severity

Rating: Medium risk

Impact: Execution of arbitrary code, potential remote exploit, and denial of service.

==================================================

3) Description of Vulnerability A format string vulnerability was discovered within Trendmicro OfficeScan Corporate Edition 7.3. The vulnerability is due to improper processing of format strings within OfficeScan Management consoles ActiveX Control "ATXCONSOLE.OCX". Specially crafted format string passed back to the Management consoles Remote Client Install name search would allow access to the process stack. If successfully exploited, this could allow the user to execute code of the attackers choice on the system running the ActiveX management Console.

==================================================

4) Solution The solutions to fix this vulnerability is addressed by OfficeScan Corporate Edition 7.3 Patch 1

http://www.trendmicro.com/download/product.asp?productid=5

==================================================

5) Time Table

06/27/2006 -- Reported Vulnerability to Vendor.

06/30/2006 -- Vendor supplied hot fix to Layered Defense for testing.

09/21/2006 -- Vendor releases fix in Patch 1 to public.

==================================================

6) Credits Discovered by Deral Heiland, www.LayeredDefense.com

==================================================

7) About Layered Defense Research

Layered Defense Research, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena.

http://www.layereddefense.com

==================================================
|参考资料

来源:VU#788860
名称:VU#788860
链接:http://www.kb.cert.org/vuls/id/788860
来源:BID
名称:20284
链接:http://www.securityfocus.com/bid/20284
来源:BUGTRAQ
名称:20061001LayeredDefenseAdvisory:TrendMicroOfficesScanCorporateEditionFormatStringVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/447498/100/0/threaded
来源:MISC
链接:http://www.layereddefense.com/TREND01OCT.html
来源:SECTRACK
名称:1016963
链接:http://securitytracker.com/id?1016963
来源:SECUNIA
名称:22224
链接:http://secunia.com/advisories/22224
来源:XF
名称:officescan-atxconsole-format-string(29308)
链接:http://xforce.iss.net/xforce/xfdb/29308
来源:VUPEN
名称:ADV-2006-3870
链接:http://www.frsirt.com/english/advisories/2006/3870
来源:SREASON
名称:1682
链接:http://securityreason.com/securityalert/1682