Trend Micro OfficeScan 'cgiRecvFile.exe' ComputerName Parameter Buffer Overflow

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by a buffer
overflow vulnerability.

Description :

Trend Micro OfficeScan or Client Server Messaging Security is
installed on the remote host. The installed version is affected by a
buffer overflow vulnerability. By setting the parameter
'ComputerName' to a very long string in a specially crafted HTTP
request, a malicious user within the local network may be able to
trigger a stack-based overflow in 'cgiRecvFile.exe'.

Exploitation of this issue requires manipulation of the parameters
'TempFileName', 'NewFileSize', and 'Verify' and, if successful, would
result in arbitrary code execution on the remote system.

See also :

http://secunia.com/secunia_research/2008-35/
http://www.nessus.org/u?f0629899
http://www.nessus.org/u?4cf6e9b8
http://www.nessus.org/u?181dece3
http://www.nessus.org/u?e96b6aa1
http://www.nessus.org/u?46ebb3f9

Solution :

Upgrade to :

- Trend Micro OfficeScan 8.0 Build 1361/2424 or 3060
depending on the current OfficeScan patch level.
- Trend Micro Client Server Messaging Security 3.6
Build 1195.
- Trend Micro OfficeScan 7.3 Build 3167.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 34216 ()

Bugtraq ID: 31139

CVE ID: CVE-2008-2437

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now