Buffer Overflow Vulnerability in Trend Micro OfficeScan Web-Deployment Setup
CVE-2007-0325

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Officescan Corporate Edition; Client-server-messaging Security
Vendor: CVE Published:; 20 February 2007

Summary

The Trend Micro OfficeScan Web-Deployment Setup contains multiple buffer overflow vulnerabilities in the SetupINICtrl ActiveX control, specifically in the OfficeScanSetupINI.dll file. Attackers can exploit these vulnerabilities by creating a crafted HTML document, potentially allowing for arbitrary code execution on affected systems. This impacts users running affected builds of OfficeScan versions 7.0, 7.3, and Client / Server / Messaging Security 3.0, leading to serious security risks.

References

http://esupport.trendmicro.com/support/viewxml.do?Content...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/22585

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/784369

third-party-advisoryx_refsource_CERT-VN

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 20, 2007
Vulnerability Reserved
Jan 17, 2007