10
CVE-2008-2437
- EPSS 6.67%
- Veröffentlicht 16.09.2008 22:00:00
- Zuletzt bearbeitet 16.06.2026 22:53:46
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trend Micro ≫ Client-server-messaging Security Version2.0
Trend Micro ≫ Client-server-messaging Security Version3.0
Trend Micro ≫ Client-server-messaging Security Version3.5
Trend Micro ≫ Client-server-messaging Security Version3.6
Trend Micro ≫ Officescan Version7.0
Trend Micro ≫ Officescan Version7.3
Trend Micro ≫ Officescan Version7.3 Updatepatch_4
Trend Micro ≫ Officescan Version8.0
Trend Micro ≫ Officescan Version8.0 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.67% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/31342
http://secunia.com/secunia_research/2008-35/
http://securityreason.com/securityalert/4263
http://www.securityfocus.com/archive/1/496281/100/0/threaded
http://www.securityfocus.com/bid/31139
http://www.securitytracker.com/id?1020860
http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt
http://www.vupen.com/english/advisories/2008/2555
https://exchange.xforce.ibmcloud.com/vulnerabilities/45072