Trend Micro OfficeScan CGI Module and Policy Server Buffer Overflows - Advisories - Secunia
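Reportedly, cgiChkMasterPwd.exe suffers a stack-based buffer overflow when the HTTP TMLogonEncrypted parameter is too long.
The Policy Server feature is reportedly affected in the same way if you are using NAC.
Virus Buster Corp. 7.3 with Patch 3 build 1314 is reportedly affected, and the latest version at the time of writing is said to be affected as well.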
1) A boundary error in cgiChkMasterPwd.exe can be exploited to cause a stack-based buffer overflow via an HTTP request with a specially crafted, overly long "TMLogonEncrypted" parameter.
Successful exploitation allows execution of arbitrary code.
2) A boundary error in PolicyServer.exe can be exploited to cause a stack-based buffer overflow via an HTTP request to the cgiABLogon.exe CGI module with a specially crafted, overly long "pwd" parameter.
Successful exploitation allows execution of arbitrary code but requires that the Trend Micro Policy Server for Cisco NAC is installed.
Other errors, e.g. NULL-pointer dereference errors in certain CGI modules when handling HTTP requests containing certain characters or with invalid "Content-Length" headers, have also been reported.
The vulnerabilities are confirmed in version 7.3 with Patch 3 build 1314. Other versions may also be affected.
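As a detection aid for the conditions the advisory describes, the following added example (not part of the advisory or of any Trend Micro code) inspects raw HTTP requests for overly long "TMLogonEncrypted" or "pwd" values sent to the named CGI modules and for invalid "Content-Length" headers. The length threshold, the `/cgi/` URL path and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# CGI module -> parameter to watch, both taken from the advisory text.
WATCHED = {"cgichkmasterpwd.exe": "TMLogonEncrypted", "cgiablogon.exe": "pwd"}
MAX_VALUE_LEN = 256  # assumed threshold; tune to the longest legitimate value seen


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request (empty list: nothing flagged)."""
    findings = []
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    # The advisory also reports crashes on invalid Content-Length headers.
    cl = headers.get("content-length")
    if cl is not None and not (cl.isascii() and cl.isdigit()):
        findings.append(f"invalid Content-Length: {cl!r}")

    url = urlsplit(target)
    module = url.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(module)
    if param is None:
        return findings
    # The parameter may arrive in the query string or in a form-encoded body.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for key, value in pairs:
        if key == param and len(value) > MAX_VALUE_LEN:
            findings.append(
                f"{module}: {param} is {len(value)} characters (limit {MAX_VALUE_LEN})")
    return findings


# Constructed sample requests (not captured traffic); the /cgi/ path is hypothetical.
NORMAL = (b"POST /cgi/cgiChkMasterPwd.exe HTTP/1.1\r\nHost: av\r\n"
          b"Content-Length: 21\r\n\r\nTMLogonEncrypted=abcd")
OVERLONG = (b"POST /cgi/cgiChkMasterPwd.exe HTTP/1.1\r\nHost: av\r\n\r\n"
            b"TMLogonEncrypted=" + b"x" * 1000)
BAD_LEN = b"POST /cgi/cgiABLogon.exe HTTP/1.1\r\nContent-Length: -1\r\n\r\npwd=x"
```

The same check can run in a reverse proxy or WAF rule in front of the OfficeScan server so that oversized values are rejected before they reach the CGI modules.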