Trend Micro OfficeScan OfficeScanSetupINI.dll Remote Buffer Overflow

High Nessus Plugin ID 24683


The remote Windows host is affected by a remote buffer overflow vulnerability.


The remote host is running Trend Micro Antivirus, a commercial anti- virus software package for Windows.

The remote version of the installed antivirus is vulnerable to a remote buffer overflow attack.

The issue exists due a vulnerability in the ActiveX control installed by the OfficeScan server during a web install of the OfficeScan clients. The clients cache this ActiveX control, which can be exploited by a malicious website. The attacker can trigger this issue by enticing a user to click on a malicious link or sending the link in an email and urging the user to click on it. Successful exploitation of this issue might result in arbitrary code execution.


Apply the security patch released by the vendor.

See Also

Plugin Details

Severity: High

ID: 24683

File Name: trendmicro_ofscan_buffer_overflow.nasl

Version: $Revision: 1.21 $

Type: local

Agent: windows

Family: Windows

Published: 2007/02/21

Modified: 2016/06/13

Dependencies: 16192, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan_corporate_edition

Required KB Items: Antivirus/TrendMicro/installed, Antivirus/TrendMicro/trendmicro_program_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/02/12

Vulnerability Publication Date: 2007/02/12

Exploitable With

Metasploit (Trend Micro OfficeScan Client ActiveX Control Buffer Overflow)

Reference Information

CVE: CVE-2007-0325

BID: 22585

OSVDB: 33040

CWE: 119