SAINT Corporation, SAINT:2258A4A386E4AAD0191AAB95ACCDE7BF
Sep 23, 2008 - 12:00 a.m.

Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow

2008-09-23 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.821 High
Percentile: 98.3%

Added: 09/23/2008
CVE: CVE-2008-2437
BID: 31139
OSVDB: 48024

Background

Trend Micro OfficeScan is a centralized virus and security scan management system.

Problem

A buffer overflow vulnerability in **cgiRecvFile.exe** allows remote attackers to execute arbitrary commands by sending an HTTP request containing a specially crafted **ComputerName** parameter.

Resolution

Apply the appropriate patch.

References

<http://secunia.com/secunia_research/2008-35/>

Limitations

Exploit works on Trend Micro OfficeScan 7.3 Patch4.

Due to the nature of the vulnerability, the exploit is not 100% reliable on Windows Server 2003 targets with DEP enabled.

Platforms

Windows
Windows Server 2003 SP2 with DEP
