Trend Micro OfficeScan Stack Buffer Overflow Vulnerability

Vulnerability ID: 1114672 Vulnerability type: Buffer overflow
Published: 2008-02-27 Updated: 2008-09-05
CVE ID: CVE-2008-1365 CNNVD-ID: CNNVD-200803-254
Platform: Windows CVSS score: 6.4
|Vulnerability Source
https://www.exploit-db.com/exploits/31310
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200803-254
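|Vulnerability Details
A stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password. The password triggers the overflow in (1) cgiChkMasterPwd.exe and (2) policyserver.exe, as reachable through cgiABLogon.exe and other vectors.
|Vulnerability Exploit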
source: http://www.securityfocus.com/bid/28020/info

Trend Micro OfficeScan Corporate Edition is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with privileges of the user running the application. This may facilitate a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect the following:

OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier
OfficeScan Corporate Edition 7.0 Patch 3 Build 1314 and earlier

Other Trend Micro products may also be affected. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/31310.zip
|References

Source: SECUNIA
Name: 29124
Link: http://secunia.com/advisories/29124
Source: MISC
Link: http://aluigi.altervista.org/adv/officescaz-adv.txt
Source: SECTRACK
Name: 1019523
Link: http://www.securitytracker.com/id?1019523
Source: BID
Name: 28020
Link: http://www.securityfocus.com/bid/28020
Source: VUPEN
Name: ADV-2008-0702
Link: http://www.frsirt.com/english/advisories/2008/0702