SAINT Corporation, SAINT:43D6C6CF8F05E64C78646256E98ECDDA
Mar 03, 2008 - 12:00 a.m.

Trend Micro OfficeScan Policy Server CGI buffer overflow

download.saintcorporation.com

EPSS: 0.243 (Low)
Percentile: 96.6%

Added: 03/03/2008
CVE: CVE-2008-1365
BID: 28020
OSVDB: 42500

Background

Trend Micro OfficeScan is a centralized virus and security scan management system.

Problem

A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by sending a long, specially crafted **pwd** parameter to the **cgiABLogon.exe** CGI program.

Resolution

Restrict access to the OfficeScan HTTP port.
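
To confirm the restriction is holding, web server logs can be checked for requests to cgiABLogon.exe that come from outside the management network or carry an oversized pwd value. The script below is an added example, not part of the SAINT advisory. It assumes combined-format access logs, a pwd parameter sent in the query string (a POST body would not appear in such logs), a 64-character ceiling, a 10.0.5.0/24 management subnet, and a placeholder URL path.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: combined-format access logs, pwd sent in
# the query string, a 64-character ceiling, and this management subnet.
MAX_PWD_LEN = 64
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*"')

def audit_line(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/cgiablogon.exe"):
        return []  # only the CGI named in the advisory is of interest
    findings = []
    try:
        src = ipaddress.ip_address(m.group("ip"))
        allowed = any(src in net for net in ALLOWED_NETS)
    except ValueError:  # client field holds a hostname, treat as untrusted
        allowed = False
    if not allowed:
        findings.append("source outside management network")
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        if key.lower() == "pwd":
            longest = max(len(v) for v in values)
            if longest > MAX_PWD_LEN:
                findings.append(f"pwd length {longest} exceeds {MAX_PWD_LEN}")
    return findings

# Constructed sample lines; the URL path is a placeholder.
SAMPLE = [
    '10.0.5.20 - - [03/Mar/2008:10:00:00 +0000] '
    '"GET /example-path/cgiABLogon.exe?pwd=abc123 HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Mar/2008:10:00:05 +0000] '
    '"GET /example-path/cgiABLogon.exe?pwd=' + "A" * 300 + ' HTTP/1.1" 500 0',
    '203.0.113.9 - - [03/Mar/2008:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, entry in enumerate(SAMPLE, 1):
        for finding in audit_line(entry):
            print(f"line {number}: {finding}")
```

Any finding from a source outside the management network means the OfficeScan HTTP port is still reachable from hosts it should not be.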

References

<http://secunia.com/advisories/29124/>

Limitations

Exploit works on Trend Micro OfficeScan Corporate Edition 7.3.

Platforms

Windows
