504918 : Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow

Risk 5 : Miscellaneous

An attacker could create a directory structure on the local file system or within a zip file and cause an anti virus client denial of service. A successful attack would disable the anti virus software and could allow an attacker to permanently disable anti virus.

Trend Micro AntiVirus products provide antivirus, content security, and outbreak management for servers and workstations. Trend Micro OfficeScan is a centralized virus and security scan management system.

OfficeScan Server cgiRecvFile Buffer Overflow (09/16/08, CVE 2008-2437)

There exists a buffer overflow vulnerability in Trend Micro's OfficeScan. The flaw is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this vulnerability to inject and execute arbitrary code with System level privileges on the target system.

The OfficeScan Server cgiRecvFile Buffer Overflow vulnerability was reported in Bugtraq ID 31139 (http://www.securityfocus.com/bid/31139).

Solution:

To fix the OfficeScan Server cgiRecvFile Buffer Overflow, apply Trend Micro OfficeScan 8.0 Critical Patch - Server Build 1361, Trend Micro OfficeScan 8.0 Service Pack 1 Critical Patch - Server Build 2424, Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1 Critical Patch - Server Build 3060, or Trend Micro OfficeScan 7.3 Critical Patch - Server Build 1367, available from http://www.trendmicro.com/download/product.asp?productid=5.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Corporation : 2010-06-27