A vulnerability has been identified in OfficeScan Corporate Edition,
which could be exploited by attackers to take complete control of an
affected system. This issue is due to a buffer overflow error in the
web deployment ActiveX control when handling malformed arguments passed
to certain methods, which could be exploited by remote attackers to
execute arbitrary commands by tricking a user into visiting a specially
crafted web page.
Note : This issue does not affect OfficeScan clients installed from the OfficeScan Management Console page.
Affected Products
Trend Micro OfficeScan Corporate Edition version 7.0
Trend Micro OfficeScan Corporate Edition version 7.3
Solution
Apply patch for osce version 7.0 :
http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_securitypatch_b1344.exeApply patch for osce version 7.3 :
http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe