Lucene search

MitreCVE-2008-1365

HistoryMar 17, 2008 - 10:44 p.m.

CVE-2008-1365

2008-03-1722:44:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-1365

trend micro

officescan

buffer overflow

vulnerability

remote code execution

denial of service

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.243

Percentile

96.6%

JSON

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Affected configurations

Nvd

Node

trend_microofficescan_corporate_editionRange≤7.3_patch3_build1314

trend_microofficescan_corporate_editionRange≤8.0_patch2_build1189

VendorProductVersionCPE
trend_microofficescan_corporate_edition*cpe:2.3:a:trend_micro:officescan_corporate_edition:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trend_micro	officescan_corporate_edition	*	cpe:2.3:a:trend_micro:officescan_corporate_edition::::::::

References

aluigi.altervista.org/adv/officescaz-adv.txt

secunia.com/advisories/29124

www.securityfocus.com/bid/28020

www.securitytracker.com/id?1019523

www.vupen.com/english/advisories/2008/0702

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.243

Percentile

96.6%

JSON

Related for CVE-2008-1365