Description: A buffer overflow vulnerability exists in the Trend Micro OfficeScan Client ActiveX control. The flaw is due to the lack of proper boundary checks on user-supplied data passed to the vulnerable ActiveX control OfficeScanSetupINICtrl. Successful exploitation of this vulnerability can allow arbitrary code execution within the security context of the currently logged-in user. In a simple attack case, the web browser application (Internet Explorer) will terminate immediately when the malicious page is opened. In a sophisticated attack scenario, where the malicious user succeeds in injecting and executing supplied code, the behaviour of the system depends on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the currently logged-in user.