Trend Micro OfficeScan HTTP Request Buffer Overflow

2008-10-2700:00:00

Tenable

www.tenable.com

JSON

Trend Micro OfficeScan is installed on the remote host. The installed version is affected by a buffer overflow vulnerability. By sending a specially crafted HTTP request to Trend Micro OfficeScan server CGI modules, it may be possible to trigger a stack based buffer overflow. Successful exploitation of this issue may result in arbitrary code execution on the remote system.

Binary data 4724.prm

VendorProductVersionCPE
trend_microofficescancpe:/a:trend_micro:officescan

Vendor	Product	Version	CPE
trend_micro	officescan		cpe:/a:trend_micro:officescan

References

Build 3110)

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3862

secunia.com/secunia_research/2008-40

www.nessus.org/u?01759f7a (v8.0 Service Pack 1 Patch 1

www.nessus.org/u?2b7bfd4c (v7.3 Build 1374)

www.nessus.org/u?9805a21c (v5.0 WFBS Build 1418)

JSON