Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1E15394663E1E50C414543B05113FF5B
HistoryMar 03, 2008 - 12:00 a.m.

Trend Micro OfficeScan Policy Server CGI buffer overflow

2008-03-0300:00:00
SAINT Corporation
my.saintcorporation.com
25

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.243

Percentile

96.6%

JSON

Added: 03/03/2008
CVE: CVE-2008-1365
BID: 28020
OSVDB: 42500

Background

Trend Micro OfficeScan is a centralized virus and security scan management system.

Problem

A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by sending a long, specially crafted **pwd** parameter to the **cgiABLogon.exe** CGI program.

Resolution

Restrict access to the OfficeScan HTTP port.

References

<http://secunia.com/advisories/29124/&gt;

Limitations

Exploit works on Trend Micro OfficeScan Corporate Edition 7.3.

Platforms

Windows

Related

prion 1
metasploit 1
saint 3
cvelist 1
cve 1
packetstorm 1
checkpoint_advisories 1
exploitdb 2
nvd 1
kaspersky 1
prion
prion
Stack overflow
2008-03-17 22:44:00
metasploit
metasploit
Trend Micro OfficeScan Remote Stack Buffer Overflow
2007-09-09 22:56:35
saint
saint
Trend Micro OfficeScan Policy Server CGI buffer overflow
2008-03-03 00:00:00
Trend Micro OfficeScan Policy Server CGI buffer overflow
2008-03-03 00:00:00
Trend Micro OfficeScan Policy Server CGI buffer overflow
2008-03-03 00:00:00
cvelist
cvelist
CVE-2008-1365
2008-03-17 22:00:00
cve
cve
CVE-2008-1365
2008-03-17 22:44:00
packetstorm
packetstorm
Trend Micro OfficeScan Remote Stack Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Trend Micro OfficeScan CGI Password Decryption Buffer Overflow (CVE-2008-1365)
2009-11-25 00:00:00
exploitdb
exploitdb
Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)
2008-02-27 00:00:00
Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
2010-05-09 00:00:00
nvd
nvd
CVE-2008-1365
2008-03-17 22:44:00
kaspersky
kaspersky
KLA10370 DoS vulnerability in OfficeScan
2008-03-17 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.243

Percentile

96.6%

JSON
Related for SAINT:1E15394663E1E50C414543B05113FF5B
prion1metasploit1saint3cvelist1cve1packetstorm1checkpoint_advisories1exploitdb2nvd1kaspersky1