Skip to main content

Trend Micro OfficeScan Multiple Remote Buffer Overflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 29 Feb 2008 2493 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Trend Micro OfficeScan, which could be exploited by remote attackers to cause a denial of service or take complete contol of an affected system. These issues are caused by NULL pointer dereference and buffer overflow errors in the "cgiChkMasterPwd.exe" and "policyserver.exe" services when processing requests with malformed or overly long arguments (e.g. "TMlogonEncrypted" or "pwd"), which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary code.


System / Technologies affected

  • Trend Micro OfficeScan Corporate Edition version 7.3 Patch 3 build 1314 and prior
  • Trend Micro OfficeScan Corporate Edition version 8.0 Patch 2 build 1189


Solutions

There is no patch available for this vulnerability currently.

Temporary Solutions

  • Restrict network access to the services.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link