Signature Detail

HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow1

This signature detects attempts to exploit a known buffer overflow vulnerability in Trend Micro's OfficeScan. It is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this to inject and execute arbitrary code with System level privileges on the target system. In a successful code injection and execution attack, the behavior of the target is entirely dependent on the intended function of the injected code. In an unsuccessful attack, the CGI process initiated for the session terminates abnormally.