Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3364: Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Officescan

Severity: 9.3 CRITICAL (NVD)
EPSS: 47.4% (top 2.30%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jul 30
Latest update: May 1

Description

Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party informati

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA: GHSA-hjjj-ggh5-mcg2: Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl (2022-05-01)
CVEList: CVE-2008-3364: Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl (2008-07-30)

💥 Exploits & PoCs (1)

Exploit-DB: Trend Micro OfficeScan - ObjRemoveCtrl ActiveX Control Buffer Overflow (2008-07-28)