Trend Micro OfficeScan HTTP Request Buffer Overflow

High Nessus Network Monitor Plugin ID 4724


The remote host contains an application that is affected by a buffer overflow vulnerability.


Trend Micro OfficeScan is installed on the remote host. The installed version is affected by a buffer overflow vulnerability. By sending a specially crafted HTTP request to the Trend Micro OfficeScan server CGI modules, it may be possible to trigger a stack-based buffer overflow. Successful exploitation of this issue may result in arbitrary code execution on the remote system.


Upgrade to:

 - Trend Micro OfficeScan 7.3 Build 1374 or higher
 - Trend Micro OfficeScan 8.0 Build 3110 or higher

See Also (v5.0 WFBS Build 1418) (v7.3 Build 1374) (v8.0 Service Pack 1 Patch 1, Build 3110)

Plugin Details

Severity: High

ID: 4724

File Name: 4724.prm

Family: Generic

Published: 2008/10/27

Modified: 2016/01/15

Nessus ID: 34490

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-3862

BID: 31859

OSVDB: 49275