Trend Micro OfficeScan Multiple Remote Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 29 Feb 2008 4479 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in Trend Micro OfficeScan, which could be exploited by remote attackers to cause a denial of service or take complete contol of an affected system. These issues are caused by NULL pointer dereference and buffer overflow errors in the "cgiChkMasterPwd.exe" and "policyserver.exe" services when processing requests with malformed or overly long arguments (e.g. "TMlogonEncrypted" or "pwd"), which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary code.

System / Technologies affected

  • Trend Micro OfficeScan Corporate Edition version 7.3 Patch 3 build 1314 and prior
  • Trend Micro OfficeScan Corporate Edition version 8.0 Patch 2 build 1189

Solutions

There is no patch available for this vulnerability currently.

Temporary Solutions

  • Restrict network access to the services.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Symantec Products Decomposer Buffer Overflow and DoS Vulnerabilities

28 Feb 2008 4472 Views

Next

ICQ Message Handling and Conversion Remote Format String Vulnerability

29 Feb 2008 4462 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY