Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
2016年5月31日
危険度: 中
CVE識別番号: CVE-2008-1365
情報公開日: 5 31, 2016
概要
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1001834
Trend Micro Deep Security DPI Rule Name: 1001834 - Trend Micro OfficeScan CGI Password Decryption Buffer Overflow
影響を受けるソフトウェア
- Trend Micro OfficeScan Corporate Edition 7.3_Patch3_build1314
- Trend Micro OfficeScan Corporate Edition 8.0_Patch2_build1189