27 June 2007, 10:49

Two holes in Trend Micro’s OfficeScan Corporate Edition

Trend Micro has released an update for the company’s OfficeScan Corporate Edition 8.0 to close two security holes in its OfficeScan Server product. OfficeScan Server distributes the software and all updates to the clients.

A buffer overflow in the CGI module (CGIOCommon.dll) can be exploited to inject arbitrary code when crafted HTTP requests are handled, and to execute the code with web server privileges. An attacker may also exploit a bug in the authentication service (cgiChkMasterPwd.exe) of the OfficeScan Management Console to bypass authentication merely by sending packets with manipulated HTTP headers to the server. The update (Build 1024) (download) replaces the defective modules with updated versions. According to the vendor’s advisory, the new CGI module resets the stored user log-on information.

Channels

Services

Two holes in Trend Micro’s OfficeScan Corporate Edition

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit