Computer Security
[EN] securityvulns.ru no-pyccku


Trend Micro OfficeScan buffer overflow
updated since 15.09.2008
Published:29.10.2008
Source:
SecurityVulns ID:9290
Type:remote
Threat Level:
5/10
Description:Buffer overflow in cgiRecvFile.exe Web component.
Affected:TM : OfficeScan 7.3
CVE:CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests.")
 CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.)
Original documentdocumentSECUNIA, Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows (29.10.2008)
 documentSECUNIA, Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow (15.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod