[오피스스캔] 버퍼오버플로우 패치 2392

오피스스캔의 서버/클라이언트 통신 모듈에 대한 Buffer Overflow Vulnerability 패치가 나왔습니다.
영문/한글 모두 적용가능합니다.

오피스스캔 8.0 (먼저 sp1으로 업그레이드 하셔야 합니다.)
OSCE_8.0_SP1_Win_EN_CriticalPatch_B2392.exe

오피스스캔 7.3
OSCE_7.3_Win_EN_CriticalPatch_B1355.exe

오피스스캔 7.0
OSCE_7.0_Win_EN_CriticalPatch_B1395.exe

이 패치에 관한 설명입니다.
   This critical patch addresses a buffer overflow vulnerability in
   an OfficeScan ActiveX control that an attacker can exploit.

   OfficeScan clients can be installed from the OfficeScan Web
   console logon screen. The OfficeScan server utilizes several
   ActiveX controls when deploying the product through the Web
   console interface and the local machine caches these controls.
   One of these controls, “objRemoveCtrl”, is vulnerable to a
   stack-based buffer overflow when embedded in a Web page.
  
   An attacker can exploit this vulnerablity by enticing a victim
   into viewing a malicious Web page. A successful exploit will allow
   attacker-supplied code to run in the context of the currently
   logged-on user.

보다 더 자세한 설명보기 :  ReadMe