PT-2008-3905 · Trend Micro · Trend Micro Client / Server / Messaging Security+2
Published
2008-09-16
·
Updated
2018-10-11
·
CVE-2008-2437
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Trend Micro OfficeScan versions 7.3 patch 4 build 1362 and other builds, 8.0, 8.0 SP1
Trend Micro Client Server Messaging Security version 3.6
Description:
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via an HTTP request containing a long
ComputerName parameter.Recommendations:
For Trend Micro OfficeScan versions 7.3 patch 4 build 1362 and other builds, 8.0, 8.0 SP1, consider restricting access to the cgiRecvFile.exe until a patch is available.
For Trend Micro Client Server Messaging Security version 3.6, avoid using long
ComputerName parameters in HTTP requests until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Client / Server / Messaging Security
Trend Micro Officescan
Trend Micro Officescan Server