Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:TMIC:OFFICESCAN-PW-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Trend Micro OfficeScan Password Data Buffer Overflow

Release Date

 2008/04/10

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Trend Micro OfficeScan Password Data Buffer Overflow


This signature detects attempts to exploit a known vulnerability against Trend Micro OfficeScan. A successful attack can allow the attacker to execute arbitrary code with the privileges of the user running the application.

Extended Description

Trend Micro OfficeScan Corporate Edition is prone to a buffer-overflow vulnerability and a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Successful exploits may allow an attacker to execute arbitrary code with privileges of the user running the application. This may facilitate a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions. These issues affect the following: OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier OfficeScan Corporate Edition 7.0 Patch 3 Build 1314 and earlier Other Trend Micro products may also be affected.

Affected Products

  • Trend Micro OfficeScan Corporate Edition 3.0.0
  • Trend Micro OfficeScan Corporate Edition 3.11.0
  • Trend Micro OfficeScan Corporate Edition 3.13.0
  • Trend Micro OfficeScan Corporate Edition 3.5.0
  • Trend Micro OfficeScan Corporate Edition 3.54.0
  • Trend Micro OfficeScan Corporate Edition 5.0.0 2
  • Trend Micro OfficeScan Corporate Edition 5.5.0
  • Trend Micro OfficeScan Corporate Edition 5.58.0
  • Trend Micro OfficeScan Corporate Edition 6.0
  • Trend Micro OfficeScan Corporate Edition 6.5
  • Trend Micro OfficeScan Corporate Edition 6.5.0
  • Trend Micro OfficeScan Corporate Edition 7.0
  • Trend Micro OfficeScan Corporate Edition 7.0.0
  • Trend Micro OfficeScan Corporate Edition 7.3
  • Trend Micro OfficeScan Corporate Edition 7.3 Build 1314
  • Trend Micro OfficeScan Corporate Edition 8.0
  • Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 Build 1189
  • Trend Micro OfficeScan Corporate Edition 8.0.patch build 1042

References

  • BugTraq: 28020
  • CVE: CVE-2008-1365
  • URL: http://www.securityfocus.com/archive/1/20080227203019.061547bd.aluigi@autistici.org

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out