Two vulnerabilities have been reported in Trend Micro OfficeScan, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
1) A boundary error within CGIOCommon.dll can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request.
Successful exploitation allows execution of arbitrary code.
2) An error within cgiChkMasterPwd.exe can be exploited to bypass the authentication mechanism of the web management interface by sending a specially crafted request with an empty encryption string and hash.
The vulnerabilities affect OfficeScan Corporate Edition versions 8.0, 7.3, 7.0, 6.5, OfficeScan 6.0 in Client/Server/Messaging Suite for SMB 2, and Client Server Messaging Security versions 3.6, 3.5, and 3.0.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org