10
CVE-2008-2437
- EPSS 24.59%
- Veröffentlicht 16.09.2008 22:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginStack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trend Micro ≫ Client-server-messaging Security Version2.0
Trend Micro ≫ Client-server-messaging Security Version3.0
Trend Micro ≫ Client-server-messaging Security Version3.5
Trend Micro ≫ Client-server-messaging Security Version3.6
Trend Micro ≫ Officescan Version7.0
Trend Micro ≫ Officescan Version7.3
Trend Micro ≫ Officescan Version7.3 Updatepatch_4
Trend Micro ≫ Officescan Version8.0
Trend Micro ≫ Officescan Version8.0 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 24.59% | 0.959 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.