Published: 17/03/2008 Updated: 08/03/2011

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 650

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and previous versions, and 7.3 Patch 3 build 1314 and previous versions, allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trend micro officescan corporate edition

## # $Id: trendmicro_officescanrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' r ...

source: wwwsecurityfocuscom/bid/28020/info Trend Micro OfficeScan Corporate Edition is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer Successful exploits may allow an atta ...

CWE-119 http://aluigi.altervista.org/adv/officescaz-adv.txt http://secunia.com/advisories/29124 http://www.securityfocus.com/bid/28020 http://www.securitytracker.com/id?1019523 http://www.vupen.com/english/advisories/2008/0702 https://nvd.nist.gov https://www.exploit-db.com/exploits/16768/

CVE-2008-1365

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect