Trend Micro OfficeScan Policy Server CGI buffer overflow
Added: 03/03/2008
CVE: CVE-2008-1365
BID: 28020
OSVDB: 42500
Background
Trend Micro OfficeScan is a centralized virus and security scan management system.
Problem
A buffer overflow vulnerability in the Policy Server for Cisco NAC component allows remote attackers to execute arbitrary commands by sending a long, specially crafted pwd parameter to the cgiABLogon.exe CGI program.
Resolution
Restrict access to the OfficeScan HTTP port.
References
http://secunia.com/advisories/29124/
Limitations
Exploit works on Trend Micro OfficeScan Corporate Edition 7.3.
Platforms
Windows