BUGTRAQ ID: 31859 CVE(CAN) ID: CVE-2008-3862 OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan服务器在解析CGI请求时存在栈溢出漏洞。如果远程攻击者通过HTTP POST请求向受影响的CGI可执行程序发送了特制的表单数据的话,就可以触发这个溢出,导致执行任意指令。 Trend Micro OfficeScan 8.0 Trend Micro OfficeScan 7.3 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe</a> <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe</a>
BUGTRAQ ID: 31859 CVE(CAN) ID: CVE-2008-3862 OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan服务器在解析CGI请求时存在栈溢出漏洞。如果远程攻击者通过HTTP POST请求向受影响的CGI可执行程序发送了特制的表单数据的话,就可以触发这个溢出,导致执行任意指令。 Trend Micro OfficeScan 8.0 Trend Micro OfficeScan 7.3 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe</a> <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe</a>