Check Point Advisories

Update Protection against Trend Micro OfficeScan CGI Password Decryption Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-128
Date Published: 9 May 2008
Severity: Medium
Last Updated: Tuesday 05 August, 2008
Source: Secunia Advisory: SA29124
Industry Reference:CVE-2008-1366
Protection Provided by:
Who is Vulnerable? Trend Micro OfficeScan Corporate Edition 7.3 Patch 3 Build 1314 and prior
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and prior
Vulnerability Description A buffer overflow vulnerability exists in Trend Micro OfficeScan. Trend Micro OfficeScan is a centralized virus and security scan management system. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. Successful exploitation may allow the attacker to take complete control of the affected system.
Update/Patch AvaliableApply patches:
OfficeScan 6.5
OfficeScan 7.0
OfficeScan 7.3
Vulnerability DetailsThe vulnerability is due to a boundary error in the Trend Micro OfficeScan Policy server that fails to properly handle HTTP requests. An attacker might trigger this flaw by specially crafting a malicious HTTP request and sending it to the target server. Successful exploitation of this issue will allow the attacker to execute arbitrary code on the vulnerable system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.