Trend Micro OfficeScan CGI Parsing Buffer Overflow - Secunia Advisories - Vulnerability Intelligence - Secunia.com(情報元のブックマーク数)
ウイルスバスターCorp版のCGIリクエストの処理に問題があってスタックオーバーフローが発生するそうです。
任意のコードも実行可能かもとの事。
Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a vulnerable system.
Security Advisory SA32005 - Trend Micro OfficeScan CGI Parsing Buffer Overflow - Secunia
The vulnerability is caused due to a boundary error when parsing CGI requests and can be exploited to cause a stack-based buffer overflow via an HTTP request with specially crafted form data.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied. Other versions may also be affected.
7.3 のBuild 1374/ 8.0のbuild 3110では問題ないみたい。
US-CERT encourages users and administrators to review Trend Micro Critical Patch Release overview for Build 1374 and Build 3110 and apply any necessary updates to help mitigate the risks.
http://www.us-cert.gov/current/index.html#trend_micro_officescan_critical_patch
- SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
- Trend Micro、OfficeScanの脆弱性を修正 - ITmedia エンタープライズ