1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Trend Micro OfficeScan BO

HTTP Trend Micro OfficeScan BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Trend Micro OfficeScan which could result in remote code execution.

Additional Information

A buffer-overflow vulnerability occurs because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue affects the password decryption function, which is ubiquitous in several OfficeScan applications, such as the Web Management Console ('cgiChkMasterPwd.exe'), the PolicyServer ('policyserver.exe'), and the Web Interface ('cgiABLogon.exe'). Password data is copied to a 512-byte
stack buffer without verifying the length of the data.

Affected

  • Trend Micro OfficeScan Corporate Edition 3.0, 3.5, 3.11, 3.13, 3.54

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube