趋势科技OfficeScan cgiRecvFile.exe栈溢出漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

BUGTRAQ ID: 31139 CVE(CAN) ID: CVE-2008-2437 OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan的cgiRecvFile.exe中存在栈溢出漏洞,如果远程攻击者在提交的HTTP请求中包含了超长的ComputerName参数的话,就可以触发这个溢出,导致执行任意指令。必须还要控制TempFileName、NewFileSize和Verify参数才能利用这个漏洞。 Trend Micro OfficeScan 7.3 patch 4 build 1362 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060.exe</a> <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424.exe</a> <a href=http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1361.exe target=_blank>http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1361.exe</a> <a...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息