Intrusion Prevention

TrendMicro.OfficeScan.Atxconsole.ActiveX.Control.Format.String

Description

This indicates a possible exploit of a format string vulnerability in TrendMicro OfficeScan Corporate Edition (OSCE).
This flaw is due to a format string error in the "ATXCONSOLE.OCX" ActiveX control when handling a specially crafted parameter passed to the Management Console's Remote Client Install name search.

Affected Products

Trend Micro OfficeScan Corporate Edition version 7.3 and prior.

Impact

The execution of arbitrary code on the system.

Recommended Actions

Upgrade to Trend Micro OfficeScan Corporate Edition 7.3 Patch 1 :
http://www.trendmicro.com/download/product.asp?productid=5

CVE References

CVE-2006-5157