Vulnerability Details CVE-2008-1365
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.752
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 6.4
References
- http://aluigi.altervista.org/adv/officescaz-adv.txt
- http://secunia.com/advisories/29124
- http://www.securityfocus.com/bid/28020
- http://www.securitytracker.com/id?1019523
- http://www.vupen.com/english/advisories/2008/0702
- http://aluigi.altervista.org/adv/officescaz-adv.txt
- http://secunia.com/advisories/29124
- http://www.securityfocus.com/bid/28020
- http://www.securitytracker.com/id?1019523
- http://www.vupen.com/english/advisories/2008/0702
Products affected by CVE-2008-1365
-
cpe:2.3:a:trend_micro:officescan_corporate_edition:*