CVE-2008-1365

2008-03-1722:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1365

trend micro

officescan

buffer overflow

vulnerability

remote code execution

denial of service

nvd

8.1 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.243 Low

EPSS

Percentile

96.6%

JSON

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

CPENameOperatorVersion
trend_micro:officescan_corporate_editiontrend micro officescan corporate editionle7.3_patch3_build1314
trend_micro:officescan_corporate_editiontrend micro officescan corporate editionle8.0_patch2_build1189

CPE	Name	Operator	Version
trend_micro:officescan_corporate_edition	trend micro officescan corporate edition	le	7.3_patch3_build1314
trend_micro:officescan_corporate_edition	trend micro officescan corporate edition	le	8.0_patch2_build1189