CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.821 High
Percentile: 98.3%
Added: 09/23/2008
CVE: CVE-2008-2437
BID: 31139
OSVDB: 48024
Trend Micro OfficeScan is a centralized virus and security scan management system.
A buffer overflow vulnerability in **cgiRecvFile.exe** allows remote attackers to execute arbitrary commands by sending an HTTP request containing a specially crafted **ComputerName** parameter.
Apply the appropriate patch.
<http://secunia.com/secunia_research/2008-35/>
Exploit works on Trend Micro OfficeScan 7.3 Patch4.
Due to the nature of the vulnerability, the exploit is not 100% reliable on Windows Server 2003 targets with DEP enabled.
Windows
Windows Server 2003 SP2 with DEP