CVE-2008-2437 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Client-server-messaging Security

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

24.6%

top 3.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Client-server-messaging Security Trend Micro Officescan

Timeline

PublishedSep 16

Latest updateMay 1

Description

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDtrend_micro/client-server-messaging_security4 versions+3

▶NVDtrend_micro/officescan7.0, 7.3, 8.0+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fp34-3782-rcvm: Stack-based buffer overflow in cgiRecvFile↗2022-05-01

▶

CVEList

CVE-2008-2437: Stack-based buffer overflow in cgiRecvFile↗2008-09-16

▶