Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Severity: : Medium
CVE Kennungen: : CVE-2008-1365
Advisory Date: 31 maja 2016
DESCRIPTION
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1001834
Trend Micro Deep Security DPI Rule Name: 1001834 - Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
AFFECTED SOFTWARE AND VERSION:
- Trend Micro OfficeScan Corporate Edition 7.3_Patch3_build1314
- Trend Micro OfficeScan Corporate Edition 8.0_Patch2_build1189