This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer overflow vulnerability in Trend Micro OfficeScan which could result in remote code execution.
A buffer-overflow vulnerability occurs because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
This issue affects the password decryption function, which is ubiquitous in several OfficeScan applications, such as the Web Management Console ('cgiChkMasterPwd.exe'), the PolicyServer ('policyserver.exe'), and the Web Interface ('cgiABLogon.exe'). Password data is copied to a 512-byte
stack buffer without verifying the length of the data.
- Trend Micro OfficeScan Corporate Edition 3.0, 3.5, 3.11, 3.13, 3.54
Download and install all vendor patches related to this vulnerability.