CVE-2008-3862 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Officescan

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

34.5%

top 3.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan

Timeline

PublishedOct 23

Latest updateMay 2

Description

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDtrend_micro/officescan7.3, 8.0+1

Patches

Patch: secunia.com ↗Patch: www.trendmicro.com ↗Patch: www.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx67-f89m-hrfr: Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7↗2022-05-02

▶

CVEList

CVE-2008-3862: Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7↗2008-10-23

▶