CVE-2006-5157 — Use of Externally-Controlled Format String in Micro Officescan

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

19.0%

top 4.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan

Timeline

PublishedOct 5

Latest updateMay 1

Description

Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDtrend_micro/officescancorporate_7.3

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.layereddefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-qwcf-2fhq-7mmv: Format string vulnerability in the ActiveX control (ATXCONSOLE↗2022-05-01

▶

CVEList

CVE-2006-5157: Format string vulnerability in the ActiveX control (ATXCONSOLE↗2006-10-03

▶