Description
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
Affected products
- Trend Micro / officescancorporate_7.3 – corporate_7.3
References
- MISChttp://www.layereddefense.com/TREND01OCT.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3870
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/29308
- MISChttp://securitytracker.com/id?1016963
- MISChttp://www.kb.cert.org/vuls/id/788860
- MISChttp://www.securityfocus.com/bid/20284
- MISChttp://www.securityfocus.com/archive/1/447498/100/0/threaded
- MISChttp://securityreason.com/securityalert/1682
- VENDOR_ADVISORYhttp://secunia.com/advisories/22224