Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2437

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2437
Last Modified 07 Mar 2011 10:09:11
Published 16 Sep 2008 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2437

Summary

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

Vulnerable Systems

Application

  • Trend Micro Client-server-messaging Security 2.0

  • Trend Micro Client-server-messaging Security 3.0

  • Trend Micro Client-server-messaging Security 3.5

  • Trend Micro Client-server-messaging Security 3.6

  • Trend Micro Officescan 7.0

  • Trend Micro Officescan 7.3

  • Trend Micro Officescan 8.0


References

BID - 31139

XF - trendmicro-cgirecvfile-bo(45072)

VUPEN - ADV-2008-2555

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt

SECTRACK - 1020860

BUGTRAQ - 20080912 Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow

SREASON - 4263

MISC - http://secunia.com/secunia_research/2008-35/

SECUNIA - 31342


Last Updated: 27 May 2016 10:47:52