SAINT Corporation, SAINT:D6E19CCFA83EF9961323B16810C070ED
Sep 23, 2008 - 12:00 a.m.

Trend Micro OfficeScan cgiRecvFile.exe ComputerName buffer overflow

2008-09-23 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.821 (High), Percentile: 98.1%

Added: 09/23/2008
CVE: CVE-2008-2437
BID: 31139
OSVDB: 48024

Background

Trend Micro OfficeScan is a centralized virus and security scan management system.

Problem

A buffer overflow vulnerability in **cgiRecvFile.exe** allows remote attackers to execute arbitrary commands by sending an HTTP request containing a specially crafted **ComputerName** parameter.

Resolution

Apply the appropriate patch.

References

<http://secunia.com/secunia_research/2008-35/>

Limitations

Exploit works on Trend Micro OfficeScan 7.3 Patch4.

Due to the nature of the vulnerability, the exploit is not 100% reliable on Windows Server 2003 targets with DEP enabled.

Platforms

Windows
Windows Server 2003 SP2 with DEP
