TrendMicro OfficesScan Corporate Edition Format String Vulnerability
SecurityAlert : 1682 CVE : CVE-2006-5157 SecurityRisk : Medium (About) Remote Exploit : Yes Local Exploit : No Exploit Available : No Credit : dh layereddefense com Published : 05.10.2006
3) Description of Vulnerability A format string vulnerability was
discovered within Trendmicro OfficeScan Corporate Edition 7.3. The
vulnerability is due to improper processing of format strings within
OfficeScan Management consoles ActiveX Control "ATXCONSOLE.OCX". Specially
crafted format string passed back to the Management consoles Remote Client
Install name search would allow access to the process stack. If
successfully exploited, this could allow the user to execute code of the
attackers choice on the system running the ActiveX management Console.
Layered Defense Research, Is a group of security professionals that work
together on ethical Research, Testing and Training within the information
security arena.
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.