Trend Micro OfficeScan客户端ActiveX控件远程栈溢出漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

Trend Micro OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan企业版Web部署SetupINI ActiveX控件(OfficeScanSetupINI.dll)在显示配置设置列表时存在栈溢出漏洞,远程攻击者可能利用此漏洞控制客户端。 如果用户受骗访问了恶意站点传送超长属性的话,就会触发这个溢出,导致执行任意指令。 Trend Micro Client/Server/Messaging Security 3.5 Trend Micro Client/Server/Messaging Security 3.0 Trend Micro Client/Server/Messaging Security 2.0 Trend Micro OfficeScan 7.3 Trend Micro OfficeScan 7.0 Trend Micro OfficeScan 6.5 临时解决方法: * 为以下CLSID设置kill bit: {08D75BB0-D2B5-11D1-88FC-0080C859833B} 或者将以下文本保存为.REG文件并导入: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08D75BB0-D2B5-11D1-88FC-0080C859833B}] &quot;Compatibility Flags&quot;=dword:00000400 厂商补丁: Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe</a> <a...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息