Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trend Micro | First view | 2006-10-10 |
| Product | Officescan Corporate Edition | Last view | 2008-03-17 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2008-03-17 | CVE-2008-1366 | Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. |
| 6.4 | 2008-03-17 | CVE-2008-1365 | Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. |
| 9.3 | 2007-02-20 | CVE-2007-0325 | Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. |
| 6.4 | 2006-10-10 | CVE-2006-5211 | Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-20 | Improper Input Validation |
SAINT Exploits
| Description | Link |
|---|---|
| Trend Micro OfficeScan client ActiveX control buffer overflow | More info here |
| Trend Micro OfficeScan Policy Server CGI buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 43513 | Trend Micro OfficeScan Unspecified CGI Argument NULL Dereference Remote DoS |
| 43512 | Trend Micro OfficeScan Content-Length Header HTTP Request Handling Remote DoS |
| 42500 | Trend Micro OfficeScan PolicyServer.exe cgiABLogon.exe CGI Module pwd Variabl... |
| 42499 | Trend Micro OfficeScan cgiChkMasterPwd.exe TMLogonEncrypted Variable Remote O... |
| 33040 | Trend Micro OfficeScan SetupINICtrl ActiveX (OfficeScanSetupINI.dll) Multiple... |
| 29461 | Trend Micro OfficeScan Crafted HTTP Request Client Removal |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Trend Micro OfficeScan CGI password decryption buffer overflow attempt RuleID : 17605 - Type : SERVER-WEBAPP - Revision : 9 |
| 2014-01-10 | Trend Micro OfficeScan CGI password decryption buffer overflow attempt RuleID : 13591 - Type : SERVER-WEBAPP - Revision : 9 |
| 2014-01-10 | Trend Micro OfficeScan Client ActiveX function call access RuleID : 10175 - Type : BROWSER-PLUGINS - Revision : 11 |
| 2014-01-10 | Trend Micro OfficeScan Client ActiveX clsid unicode access RuleID : 10174 - Type : WEB-ACTIVEX - Revision : 7 |
| 2014-01-10 | Trend Micro OfficeScan Client ActiveX clsid access RuleID : 10173 - Type : BROWSER-PLUGINS - Revision : 11 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-02-21 | Name: The remote Windows host is affected by a remote buffer overflow vulnerability. File: trendmicro_ofscan_buffer_overflow.nasl - Type: ACT_GATHER_INFO |
| 2006-07-14 | Name: The remote web server is vulnerable to remote code execution. File: trendmicro_officescan_multiple.nasl - Type: ACT_ATTACK |
