Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Schweregrad:: Mittel
CVE Kennungen:: CVE-2008-1365
Hinweisdatum: 31 Mai 2016
Beschreibung
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1001834
Trend Micro Deep Security DPI Rule Name: 1001834 - Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
Betroffene Software und Version:
- Trend Micro OfficeScan Corporate Edition 7.3_Patch3_build1314
- Trend Micro OfficeScan Corporate Edition 8.0_Patch2_build1189