Summary
This host is installed with Trend Micro OfficeScan and is prone to stack based buffer overflow vulnerability.
The vulnerability is due to boundary error in the CGI modules when processing specially crafted HTTP request.
Impact
Allows an attacker to execute arbitrary code, which may facilitate a complete compromise of vulnerable system.
Impact Level: Application
Solution
Apply patch
Apply patch Trend Micro OfficeScan Corporate Edition 8.0 from, http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
Apply patch Trend Micro OfficeScan Corporate Edition 7.3 from, http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe
*****
NOTE: Ignore this warning, if above mentioned patch is already applied.
*****
Affected
TrendMicro OfficeScan Corporate Edition 7.3 Build prior to 1374.
TrendMicro OfficeScan Corporate Edition 8.0 Build prior to 3110.
References
Severity
Classification
-
CVE CVE-2008-3862 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ChaSen Buffer Overflow Vulnerability (Linux)
- Advantech Studio Multiple Buffer Overflow Vulnerabilities
- Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)