CVE-2008-2437

2008-09-1622:00:00

CWE-119

[email protected]

web.nvd.nist.gov

trend micro

officescan

buffer overflow

remote code execution

cve-2008-2437

nvd

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.821 High

EPSS

Percentile

98.3%

JSON

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

CPENameOperatorVersion
trend_micro:client-server-messaging_securitytrend micro client-server-messaging securityeq3.5
trend_micro:officescantrend micro officescaneq7.3
trend_micro:officescantrend micro officescaneq8.0
trend_micro:client-server-messaging_securitytrend micro client-server-messaging securityeq2.0
trend_micro:client-server-messaging_securitytrend micro client-server-messaging securityeq3.6
trend_micro:officescantrend micro officescaneq7.0
trend_micro:client-server-messaging_securitytrend micro client-server-messaging securityeq3.0

CPE	Name	Operator	Version
trend_micro:client-server-messaging_security	trend micro client-server-messaging security	eq	3.5
trend_micro:officescan	trend micro officescan	eq	7.3
trend_micro:officescan	trend micro officescan	eq	8.0
trend_micro:client-server-messaging_security	trend micro client-server-messaging security	eq	2.0
trend_micro:client-server-messaging_security	trend micro client-server-messaging security	eq	3.6
trend_micro:officescan	trend micro officescan	eq	7.0
trend_micro:client-server-messaging_security	trend micro client-server-messaging security	eq	3.0