Short Name |
HTTP:STC:CLSID:ACTIVEX:TREND-AX |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Trend Micro OfficeScan ActiveX Control Buffer Overflow |
Release Date |
2007/02/28 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Trend Micro OfficeScan. An attacker can create a malicious Web page containing dangerous ActiveX calls, which if visited, can allow the attacker to gain control of the victim's system.
Trend Micro OfficeScan Client is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.