CVE-2007-0325 : Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupIN

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

Published 2007-02-20 17:28:00

Updated 2011-03-08 02:49:16

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2007-0325

Probability of exploitation activity in the next 30 days: 83.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-0325

Trend Micro OfficeScan Client ActiveX Control Buffer Overflow

Disclosure Date: 2007-02-12

First seen: 2020-04-26

exploit/windows/browser/trendmicro_officescan

This module exploits a stack buffer overflow in Trend Micro OfficeScan Corporate Edition 7.3. By sending an overly long string to the "CgiOnUpdate()" method located in the OfficeScanSetupINI.dll Control, an attacker may be able to execute arbitrary code. Aut

More information

CVSS scores for CVE-2007-0325

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-0325

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-0325

http://www.securityfocus.com/bid/22585

Trend Micro OfficeScan Client ActiveX Control Remote Buffer Overflow Vulnerability
http://www.kb.cert.org/vuls/id/784369

US Government Resource
http://www.securitytracker.com/id?1017664

Vendor Advisory
http://www.vupen.com/english/advisories/2007/0638
http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288

Products affected by CVE-2007-0325

Trend Micro » Officescan Corporate Edition » Version: 7.0
cpe:2.3:a:trend_micro:officescan_corporate_edition:7.0:*:*:*:*:*:*:*
Matching versions
Trend Micro » Officescan Corporate Edition » Version: 7.3
cpe:2.3:a:trend_micro:officescan_corporate_edition:7.3:*:*:*:*:*:*:*
Matching versions
Trend Micro » Client-server-messaging Security » Version: 3.0
cpe:2.3:a:trend_micro:client-server-messaging_security:3.0:*:*:*:*:*:*:*
Matching versions