CVE-2008-3862

critical

Description

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."

References

http://www.vupen.com/english/advisories/2008/2892

http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt

http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt

http://www.securitytracker.com/id?1021093

http://www.securityfocus.com/bid/31859

http://www.securityfocus.com/archive/1/497650/100/0/threaded

http://securityreason.com/securityalert/4489

http://secunia.com/secunia_research/2008-40/

http://secunia.com/advisories/32005

Details

Source: Mitre, NVD

Published: 2008-10-23

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical