Intrusion Prevention

TrendMicro.OfficeScan.CGI.Buffer.Overflow

Description

This indicates an attempt to exploit a stack-based buffer overflow vulnerability in Trend Micro OfficeScan Server.
The vulnerability is caused by an error in the CGI console application "cgiChkMasterPwd.exe", which fails to properly check user-supplied data before copying it into an insufficiently sized buffer. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable system.

Affected Products

Trend Micro OfficeScan Corporate Edition for SMB2.0 6.0
Trend Micro OfficeScan Corporate Edition 8.0
Trend Micro OfficeScan Corporate Edition 7.3
Trend Micro OfficeScan Corporate Edition 7.0
Trend Micro OfficeScan Corporate Edition 6.5
Trend Micro Client Server Messaging Security for SMB 3.6
Trend Micro Client Server Messaging Security for SMB 3.5
Trend Micro Client Server Messaging Security for SMB 3.0

Impact

System compromise: remote code execution.

Recommended Actions

Apply patches:
Trend Micro Client Server Messaging Security for SMB 3.5
* Trend Micro csm_35_osce_75_win_en_securitypatch_b1152.exe
http://www.trendmicro.com/ftp/products/patches/csm_35_osce_75_win_en_securitypatch_b1152.exe
* Trend Micro csm_36_osce_76_win_en_securitypatch_b1149.exe
http://www.trendmicro.com/ftp/products/patches/csm_36_osce_76_win_en_securitypatch_b1149.exe
Trend Micro Client Server Messaging Security for SMB 3.0
* Trend Micro csm_30_osce_72_win_en_securitypatch_b1209.exe
http://www.trendmicro.com/ftp/products/patches/csm_30_osce_72_win_en_securitypatch_b1209.exe
Trend Micro OfficeScan Corporate Edition 8.0
* Trend Micro OfficeScan security patch 1042
http://www.trendmicro.com/ftp/products/patches/osce_80_win_en_securitypatch_b1042.exe

CVE References

CVE-2008-1365 CVE-2007-3454