FrSIRT - Trend Micro OfficeScan "Wizard" and "CgiRemoteInstall" Buffer Overflow Vulnerabilities / Exploit

Apparently there are buffer overflow vulnerabilities in Wizard.exe and CgiRemoteInstall.exe in Virus Buster Corporate Edition 7.3 and 6.5.

Multiple vulnerabilities have been identified in Trend Micro OfficeScan, which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service. These flaws result from buffer overflow errors in the "PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe" and "PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe" modules, which do not properly handle malformed arguments; this could be exploited by attackers to execute arbitrary commands remotely.

These days I am hoping that this is fixed in Virus Buster Corporate Edition 7.3 Patch 1; there does not appear to be any security patch planned for 6.5.

OfficeScan Corporate Edition(TM) version 7.3 Patch 1.1 - build 1146

18. The OfficeScan server's "Wizard.exe" component located in
"\PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe" may have a
buffer overflow vulnerability.

19. The OfficeScan server's "CgiRemoteInstall.exe" component located
in "\PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe"
may have a buffer overflow vulnerability.

OfficeScan(TM) Corporate Edition for Windows(TM) 6.5 Patch 8

31. There is a vulnerability in the CGI binary "cgiremoteinstall.exe".
34. "Wizard.exe" has a stack overflow vulnerability.