製品・ソフトウェアに関する情報

JVN脆弱性詳細

Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX コントロールにおけるバッファオーバーフローの脆弱性

Title	Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX コントロールにおけるバッファオーバーフローの脆弱性
Summary	OfficeScan および Client / Server / Messaging Security OfficeScanSetupINI.dll で使用されている Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX コントロールには、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された HTML 文書を介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 12, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

Affected System

トレンドマイクロ

Client Server Messaging Security Build 1197 未満の 3.0

Trend Micro OfficeScan Corporate Edition Build 1344 未満の 7.0、および Build 1241 未満の 7.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0325	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0325
National Vulnerability Database (NVD)
2	CVE-2007-0325	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0325

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
trendmicro
1	Security Patch - Build 1344 SetupINI modules	http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#784369	http://www.kb.cert.org/vuls/id/784369

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-0325

Summary	Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.
Summary	Múltiples desbordamientos de búfer en el control ActiveX Trend Micro OfficeScan Web-Deployment SetupINICtrl en OfficeScanSetupINI.dll, como ha sido usado en OfficeScan 7.0 anterior a Build 1344, OfficeScan 7.3 anetrior a Build 1241, y Client / Server / Messaging Security 3.0 anterior a Build 1197, permite a atacantes remotos ejecutar código de su elección mediante un documento HTML artesanal.
Publication Date	Feb. 21, 2007, 2:28 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:trend_micro:client-server-messaging_security:3.0:::::::*
cpe:2.3:a:trend_micro:officescan_corporate_edition:7.0:::::::*
cpe:2.3:a:trend_micro:officescan_corporate_edition:7.3:::::::*

Related information, measures and tools

No	URL	refsource
1	http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288	cret@cert.org
2	http://osvdb.org/33040	cret@cert.org
3	http://secunia.com/advisories/24193	cret@cert.org
4	http://www.kb.cert.org/vuls/id/784369	cret@cert.org
5	http://www.securityfocus.com/bid/22585	cret@cert.org
6	http://www.securitytracker.com/id?1017664	cret@cert.org
7	http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt	cret@cert.org
8	http://www.vupen.com/english/advisories/2007/0638	cret@cert.org
9	http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288	af854a3a-2127-422b-91ae-364da2661108
10	http://osvdb.org/33040	af854a3a-2127-422b-91ae-364da2661108
11	http://secunia.com/advisories/24193	af854a3a-2127-422b-91ae-364da2661108
12	http://www.kb.cert.org/vuls/id/784369	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/bid/22585	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securitytracker.com/id?1017664	af854a3a-2127-422b-91ae-364da2661108
15	http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt	af854a3a-2127-422b-91ae-364da2661108
16	http://www.vupen.com/english/advisories/2007/0638	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html