PT-2008-5204 · Trend Micro · Trend Micro Officescan

Published: 2008-10-23 · Updated: 2018-10-11 · CVE-2008-3862

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Trend Micro OfficeScan versions 7.3 Patch 4 build 1367 through 7.3 Patch 4 build 1373
Trend Micro OfficeScan version 8.0 SP1 Patch 1 before build 3110

Description

A stack-based buffer overflow in CGI programs within the server, related to the parsing of CGI requests, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data.

Recommendations

For Trend Micro OfficeScan versions 7.3 Patch 4 build 1367 through 7.3 Patch 4 build 1373, update to build 1374 or later.
For Trend Micro OfficeScan version 8.0 SP1 Patch 1 before build 3110, update to build 3110 or later.
As a temporary workaround, consider restricting access to CGI programs within the server to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-3862

Affected Products

Trend Micro Officescan