• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Trend Micro OfficeScan Wizard and CgiRemoteInstall Multiple Buffer Overflow Vulnerabilities

Trend Micro OfficeScan is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of data in unspecified arguments before copying it into finite-sized internal memory buffers.

An attacker can exploit these issues to execute arbitrary code with administrative privileges within the context of the OfficeScan Server application. This may facilitate the compromise of affected servers.

Trend Micro OfficeScan versions prior to and including 6.5 and 7.3 are confirmed affected by these issues.