Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0325 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Client-server-messaging Security

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

75.7%

top 1.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Client-server-messaging Security Trend Micro Officescan Corporate Edition

Timeline

PublishedFeb 20

Latest updateMay 1

Description

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDtrend_micro/client-server-messaging_security3.0

▶NVDtrend_micro/officescan_corporate_edition7.0, 7.3+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6cv-p53v-m2qx: Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI↗2022-05-01

▶

CVEList

CVE-2007-0325: Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI↗2007-02-20

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro OfficeScan - Client ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶