Trend Micro OfficeScan 'cgiRecvFile.exe' Buffer Overflow

High Nessus Network Monitor Plugin ID 4684

Synopsis

The remote host contains an application that is affected by a buffer overflow vulnerability.

Description

Trend Micro OfficeScan or Client Server Messaging Security is installed on the remote host. The installed version is affected by a buffer overflow vulnerability. By setting the parameter 'ComputerName' to a very long string in a specially crafted HTTP request, a malicious user within the local network may be able to trigger a stack-based overflow in 'cgiRecvFile.exe'. Exploitation of this issue requires manipulation of the parameters 'TempFileName', 'NewFileSize', and 'Verify' and, if successful, would result in arbitrary code execution on the remote system.

Solution

Upgrade to : \n\n - Trend Micro OfficeScan 8.0 Build 1361/2424 or 3060 depending on the current OfficeScan patch level.\n - Trend Micro Client Server Messaging Security 3.6 Build 1195.\n - Trend Micro OfficeScan 7.3 Build 3167.

See Also

http://www.nessus.org/u?f0629899 (v7.3 Build 1367)

http://www.nessus.org/u?4cf6e9b8 (v7.6/v3.6 CSM Build 1195)

http://www.nessus.org/u?181dece3 (v8.0 Build 1361)

http://www.nessus.org/u?e96b6aa1 (v8.0 Service Pack 1, Build 2424)

http://www.nessus.org/u?46ebb3f9 (v8.0 Service Pack 1 Patch 1, Build 3060)

http://secunia.com/secunia_research/2008-35

Plugin Details

Severity: High

ID: 4684

File Name: 4684.prm

Family: Generic

Published: 2008/09/17

Modified: 2016/03/24

Nessus ID: 34216

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2437

BID: 31139

OSVDB: 48024