Trend Micro OfficeScan Multiple Remote Buffer Overflow Vulnerabilities
Multiple vulnerabilities have been identified in Trend Micro OfficeScan, which could be exploited by remote attackers to cause a denial of service or take complete contol of an affected system. These issues are caused by NULL pointer dereference and buffer overflow errors in the "cgiChkMasterPwd.exe" and "policyserver.exe" services when processing requests with malformed or overly long arguments (e.g. "TMlogonEncrypted" or "pwd"), which could be exploited by remote unauthenticated attackers to crash a vulnerable application or execute arbitrary code.
System / Technologies affected
- Trend Micro OfficeScan Corporate Edition version 7.3 Patch 3 build 1314 and prior
- Trend Micro OfficeScan Corporate Edition version 8.0 Patch 2 build 1189
There is no patch available for this vulnerability currently.
- Restrict network access to the services.
- No CVE information is available