Trend Micro - Security Patches available for New Buffer Overflow Vulnerabilities

Posted Wednesday, February 21, 2007 7:42 PM by hwaldron

Trend Micro has issued updates for newly discovered buffer overflow vulnerabilities in its server- and client-based AV products.

Trend Micro ServerProtect "StCommon.dll" and "eng50.dll" Buffer Overflow Vulnerabilities
http://www.frsirt.com/english/advisories/2007/0670
http://www.tippingpoint.com/security/advisories/TSRT-07-01.html
http://www.tippingpoint.com/security/advisories/TSRT-07-02.html

QUOTE: Multiple vulnerabilities have been identified in Trend Micro ServerProtect, which could be exploited by remote attackers to take complete control of an affected system. These issues are due to buffer overflow errors in various functions within the "StCommon.dll" and "eng50.dll" libraries, which could be exploited by remote unauthenticated attackers to execute arbitrary commands by sending specially crafted RPC requests to a vulnerable application.

Trend Micro OfficeScan Web Deployment ActiveX Remote Code Execution Vulnerability
http://www.frsirt.com/english/advisories/2007/0638

QUOTE: A vulnerability has been identified in OfficeScan Corporate Edition, which could be exploited by attackers to take complete control of an affected system. This issue is due to a buffer overflow error in the web deployment ActiveX control when handling malformed arguments passed to certain methods, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
