Posted by Virus Bulletin on Oct 3, 2006
ActiveX and ePO flaws covered by patches.
Trend Micro's flagship OfficeScan Corporate Edition 7.3 has suffered a vulnerability, allowing code execution from the local network.
The flaw, in an ActiveX control used by the client management system, was originally reported by Layered Defense, whose advisory is here. The problem was reported to Trend some months ago, and the announcement has been made some time after Trend released a patch to fix the issue, available from here.
Layered Defense has rated the problem 'medium risk', while Secunia, whose alert is here, calls it 'moderately critical'.
Also 'moderately critical' are holes in McAfee's ePolicy Orchestrator 3.5 and ProtectionPilot 1.1, also known about for some time and now patched. The buffer overflow problem could allow system access to an attacker within the local network. The Secunia alert is here.
Posted on 03 October 2006 by Virus Bulletin
