CVE-2008-3862

Sažetak

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."

Reference

http://secunia.com/advisories/32005
http://secunia.com/secunia_research/2008-40/
http://securityreason.com/securityalert/4489
http://www.securityfocus.com/archive/1/497650/100/0/threaded
http://www.securityfocus.com/bid/31859
http://www.securitytracker.com/id?1021093
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
http://www.vupen.com/english/advisories/2008/2892

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2018 - 20:50

Objavljeno

23-10-2008 - 22:00