BUGTRAQ ID: 31859
CVE(CAN) ID: CVE-2008-3862
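OfficeScan is distributed antivirus software designed to cover an entire network segment.
The OfficeScan server has a stack overflow vulnerability in its parsing of CGI requests. A remote attacker who sends specially crafted form data to an affected CGI executable in an HTTP POST request can trigger the overflow, leading to arbitrary code execution.
The vendor has released patches that fix this security issue. Download them from the vendor's site: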
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe