Trend Micro OfficeScan CGI Parsing Buffer Overflow - Secunia Advisories - Vulnerability Intelligence - Secunia.com(情報元のブックマーク数)

IT セキュリティ TREND

ウイルスバスターCorp版のCGIリクエストの処理に問題があってスタックオーバーフローが発生するそうです。

任意のコードも実行可能かもとの事。

Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when parsing CGI requests and can be exploited to cause a stack-based buffer overflow via an HTTP request with specially crafted form data.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied. Other versions may also be affected.

Security Advisory SA32005 - Trend Micro OfficeScan CGI Parsing Buffer Overflow - Secunia

7.3 のBuild 1374/ 8.0のbuild 3110では問題ないみたい。

US-CERT encourages users and administrators to review Trend Micro Critical Patch Release overview for Build 1374 and Build 3110 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#trend_micro_officescan_critical_patch

screenshot