Trend Micro OfficeScan 'cgiRecvFile.exe' ComputerName Parameter Buffer Overflow

high Nessus Plugin ID 34216

Synopsis

The remote host contains an application that is affected by a buffer overflow vulnerability.

Description

Trend Micro OfficeScan or Client Server Messaging Security is installed on the remote host. The installed version is affected by a buffer overflow vulnerability. By setting the parameter 'ComputerName' to a very long string in a specially crafted HTTP request, a malicious user within the local network may be able to trigger a stack-based overflow in 'cgiRecvFile.exe'.

Exploitation of this issue requires manipulation of the parameters 'TempFileName', 'NewFileSize', and 'Verify' and, if successful, would result in arbitrary code execution on the remote system.

Solution

Upgrade to:

- Trend Micro OfficeScan 8.0 Build 1361/2424 or 3060 depending on the current OfficeScan patch level.
- Trend Micro Client Server Messaging Security 3.6 Build 1195.
- Trend Micro OfficeScan 7.3 Build 3167.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2008-35/

http://www.nessus.org/u?f0629899

http://www.nessus.org/u?4cf6e9b8

http://www.nessus.org/u?181dece3

http://www.nessus.org/u?e96b6aa1

http://www.nessus.org/u?46ebb3f9

Plugin Details

Severity: High

ID: 34216

File Name: trendmicro_officescan_cgirecvfile_overflow.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 9/16/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2008

Reference Information

CVE: CVE-2008-2437

BID: 31139

CWE: 119

Secunia: 31342