Stack-based Buffer Overflow in Trend Micro OfficeScan Corporate Edition
CVE-2008-1365

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Officescan Corporate Edition
Vendor: CVE Published:; 17 March 2008

Summary

A stack-based buffer overflow exists in Trend Micro OfficeScan Corporate Edition due to inadequate validation of input in specific executables. This vulnerability allows remote attackers to craft a long encrypted password, leading to the potential execution of arbitrary code or denial of service. Attackers may exploit this flaw via cgiChkMasterPwd.exe and policyserver.exe, affecting the security integrity of systems running the affected versions.

References

http://www.vupen.com/english/advisories/2008/0702

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1019523

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/28020

vdb-entryx_refsource_BID

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 17, 2008
Vulnerability Reserved
Mar 17, 2008