ActiveX and ePO flaws covered by patches.
Trend Micro
‘s flagship
OfficeScan Corporate Edition 7.3
has suffered a vulnerability, allowing code execution from the local network.
The flaw, in an ActiveX control used by the client management system, was originally reported by
Layered Defense
, whose advisory is
here
. The problem was reported to
Trend
some months ago, and the announcement has been made some time after
Trend
released a patch to fix the issue, available from
here
.
Layered Defense
has rated the problem ‘medium risk’, while
Secunia
, whose alert is
here
, calls it ‘moderately critical’.
Also ‘moderately critical’ are holes in
McAfee
‘s
ePolicy Orchestrator 3.5
and
ProtectionPilot 1.1
, also known about for some time and now patched. The buffer overflow problem could allow system access to an attacker within the local network. The
Secunia
alert is
here
.
Posted on 03 October 2006 by
Virus Bulletin
Leave a Reply