Trend Micro OfficeScan客户端ActiveX控件远程栈溢出漏洞

Trend Micro OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan企业版Web部署SetupINI ActiveX控件（OfficeScanSetupINI.dll）在显示配置设置列表时存在栈溢出漏洞，远程攻击者可能利用此漏洞控制客户端。 如果用户受骗访问了恶意站点传送超长属性的话，就会触发这个溢出，导致执行任意指令。 Trend Micro Client/Server/Messaging Security 3.5 Trend Micro Client/Server/Messaging Security 3.0 Trend Micro Client/Server/Messaging Security 2.0 Trend Micro OfficeScan 7.3 Trend Micro OfficeScan 7.0 Trend Micro OfficeScan 6.5 临时解决方法： * 为以下CLSID设置kill bit： {08D75BB0-D2B5-11D1-88FC-0080C859833B} 或者将以下文本保存为.REG文件并导入： Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{08D75BB0-D2B5-11D1-88FC-0080C859833B}] &quot;Compatibility Flags&quot;=dword:00000400 厂商补丁： Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_securitypatch_b1241.exe</a> <a href="http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_securitypatch_b1344.exe" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_securitypatch_b1344.exe</a>