CVE-2008-3862
published 2008-10-23CVE-2008-3862: Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1…
PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
18.41%
96.9th percentile
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | officescan | — | — |
| trend_micro | officescan | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/32005http://secunia.com/secunia_research/2008-40/http://securityreason.com/securityalert/4489http://www.securityfocus.com/archive/1/497650/100/0/threadedhttp://www.securityfocus.com/bid/31859http://www.securitytracker.com/id?1021093http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txthttp://www.vupen.com/english/advisories/2008/2892http://secunia.com/advisories/32005http://secunia.com/secunia_research/2008-40/http://securityreason.com/securityalert/4489http://www.securityfocus.com/archive/1/497650/100/0/threadedhttp://www.securityfocus.com/bid/31859http://www.securitytracker.com/id?1021093http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txthttp://www.vupen.com/english/advisories/2008/2892
2008-10-23
Published