PT-2008-3905 · Trend Micro · Trend Micro Client / Server / Messaging Security+2
Publicado
2008-09-16
·
Atualizado
2018-10-11
·
CVE-2008-2437
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Trend Micro OfficeScan versions 7.3 patch 4 build 1362 and other builds, 8.0, 8.0 SP1
Trend Micro Client Server Messaging Security version 3.6
Description:
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via an HTTP request containing a long
ComputerName parameter.Recommendations:
For Trend Micro OfficeScan versions 7.3 patch 4 build 1362 and other builds, 8.0, 8.0 SP1, consider restricting access to the cgiRecvFile.exe until a patch is available.
For Trend Micro Client Server Messaging Security version 3.6, avoid using long
ComputerName parameters in HTTP requests until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.RCE
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Trend Micro Client / Server / Messaging Security
Trend Micro Officescan
Trend Micro Officescan Server