PT-2008-2955 · Trend Micro · Trend Micro Officescan Corporate Edition+1

Luigi Auriemma · Published 2008-03-17 · Updated 2011-03-08 · CVE-2008-1365

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Trend Micro OfficeScan Corporate Edition versions 7.3 Patch 3 build 1314 and earlier
Trend Micro OfficeScan Corporate Edition versions 8.0 Patch 2 build 1189 and earlier

Description

The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code or cause a denial of service via a long encrypted password. This overflow can be triggered in cgiChkMasterPwd.exe, policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Recommendations

For Trend Micro OfficeScan Corporate Edition versions 7.3 Patch 3 build 1314 and earlier, update to a version later than 7.3 Patch 3 build 1314 to resolve the issue. For Trend Micro OfficeScan Corporate Edition versions 8.0 Patch 2 build 1189 and earlier, update to a version later than 8.0 Patch 2 build 1189 to resolve the issue. As a temporary workaround, consider restricting access to cgiChkMasterPwd.exe and policyserver.exe to minimize the risk of exploitation.

Exploit · Fix · RCE · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-1365

Affected Products

Trend Micro Officescan Corporate Edition
Trend Micro Officescan Server