Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Publish date: 31 de mayo de 2016
Gravedad: Medio
Identificadores de CVE : CVE-2008-1365
Fecha recomendada: 31 de mayo de 2016
Descripción
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1001834
Trend Micro Deep Security DPI Rule Name: 1001834 - Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Software y versión afectados
- Trend Micro OfficeScan Corporate Edition 7.3_Patch3_build1314
- Trend Micro OfficeScan Corporate Edition 8.0_Patch2_build1189