First published: Mon Mar 17 2008
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro OfficeScan Corporate Edition | <=7.3_patch3_build1314 | |
Trend Micro OfficeScan Corporate Edition | <=8.0_patch2_build1189 | |
CVE-2008-1365 is considered critical due to the potential for remote code execution and denial of service.
To fix CVE-2008-1365, update to the latest version of Trend Micro OfficeScan Corporate Edition that is not affected by this vulnerability.
CVE-2008-1365 affects users of Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier.
In the context of CVE-2008-1365, a stack-based buffer overflow occurs when a long encrypted password exceeds the stack buffer allocated for it and overwrites adjacent stack memory, potentially allowing malicious code execution.
Yes, CVE-2008-1365 can cause service interruptions as it may lead to a denial of service attack, crashing the application.