CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.834 High
Percentile: 98.1%
Added: 07/20/2007
CVE: CVE-2007-3454
BID: 24641
OSVDB: 36629
Trend Micro OfficeScan is a centralized virus and security scan management system.
A buffer overflow vulnerability in the **CGIOCommon.dll** shared library allows remote attackers to execute arbitrary commands by sending a request containing a long, specially crafted session cookie.
Install the appropriate patch for OfficeScan.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559>
Exploit works on Trend Micro OfficeScan Corporate Edition 7.3 on Windows 2000.
Exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.
Windows