Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Data de publicação: 31 maio 2016
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2008-1365
Data do informe: 31 maio 2016
Descrição
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1001834
Trend Micro Deep Security DPI Rule Name: 1001834 - Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Software infectado e versão:
- Trend Micro OfficeScan Corporate Edition 7.3_Patch3_build1314
- Trend Micro OfficeScan Corporate Edition 8.0_Patch2_build1189