CVE-2008-1365
Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Desbordamiento de búfer basado en pila en Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 y anteriores y 7.3 Patch 3 build 1314 y anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída) a través de una contraseña larga cifrada, la cual dispara el desbordamiento en (1) cgiChkMasterPwd.exe, (2) policyserver.exe alcanzable mediante cgiABLogon.exe y otros vectores.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-27 First Exploit
- 2008-03-17 CVE Reserved
- 2008-03-17 CVE Published
- 2023-09-26 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/28020 | Vdb Entry | |
| http://www.securitytracker.com/id?1019523 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0702 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31310 | 2008-02-27 | |
| https://www.exploit-db.com/exploits/16768 | 2010-05-09 | |
| http://aluigi.altervista.org/adv/officescaz-adv.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29124 | 2011-03-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Officescan Corporate Edition Search vendor "Trend Micro" for product "Officescan Corporate Edition" | <= 7.3_patch3_build1314 Search vendor "Trend Micro" for product "Officescan Corporate Edition" and version " <= 7.3_patch3_build1314" | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Officescan Corporate Edition Search vendor "Trend Micro" for product "Officescan Corporate Edition" | <= 8.0_patch2_build1189 Search vendor "Trend Micro" for product "Officescan Corporate Edition" and version " <= 8.0_patch2_build1189" | - |
Affected
| ||||||