Test ID:	1.3.6.1.4.1.25623.1.0.900220
Category:	Buffer overflow
Title:	Trend Micro OfficeScan Server cgiRecvFile.exe Buffer Overflow Vulnerability.
Summary:	Trend Micro OfficeScan is prone to a buffer overflow vulnerability.
Description:	Summary: Trend Micro OfficeScan is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to error in cgiRecvFile.exe can be exploited to cause a stack based buffer overflow by sending a specially crafted HTTP request with a long ComputerName parameter. Vulnerability Impact: Remote exploitation could allow execution of arbitrary code to cause complete compromise of system and failed attempt leads to denial of service condition. Affected Software/OS: Trend Micro OfficeScan Corporate Edition version 8.0 Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3 Trend Micro Client Server Messaging Security (CSM) for SMB versions 2.x and 3.x Solution: Partially Fixed. Fix is available for Trend Micro OfficeScan 8.0, 7.3 and Client Server Messaging Security (CSM) 3.6. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2437 BugTraq ID: 31139 http://www.securityfocus.com/bid/31139 Bugtraq: 20080912 Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/496281/100/0/threaded http://secunia.com/secunia_research/2008-35/ http://www.securitytracker.com/id?1020860 http://secunia.com/advisories/31342 http://securityreason.com/securityalert/4263 http://www.vupen.com/english/advisories/2008/2555 XForce ISS Database: trendmicro-cgirecvfile-bo(45072) https://exchange.xforce.ibmcloud.com/vulnerabilities/45072
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.