Stack-Based Buffer Overflow in Trend Micro OfficeScan Products
CVE-2008-2437

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Client-server-messaging Security; Officescan
Vendor: CVE Published:; 16 September 2008

Summary

A stack-based buffer overflow occurs in cgiRecvFile.exe within Trend Micro OfficeScan versions 7.3 patch 4, 8.0, and 8.0 SP1, as well as Client Server Messaging Security 3.6. This vulnerability can be exploited by remote attackers sending specially crafted HTTP requests with excessively long ComputerName parameters, potentially allowing them to execute arbitrary code on the affected systems. It is crucial for organizations using these products to implement necessary patches and safeguard their networks.

References

http://www.trendmicro.com/ftp/documentation/readme/OSCE_7...

x_refsource_CONFIRM

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8...

x_refsource_CONFIRM

http://securityreason.com/securityalert/4263

third-party-advisoryx_refsource_SREASON

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 16, 2008
Vulnerability Reserved
May 27, 2008