CVE-2008-2437

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Client-server-messaging Security; Officescan
Vendor: CVE Published:; 16 September 2008

Summary

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

References

http://www.trendmicro.com/ftp/documentation/readme/OSCE_7...

x_refsource_CONFIRM

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8...

x_refsource_CONFIRM

http://securityreason.com/securityalert/4263

third-party-advisoryx_refsource_SREASON

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 16, 2008
Vulnerability Reserved
May 27, 2008