Vulnerabilities in Trend Micro OfficeScan
Multiple buffer overflows have been discovered in Trend Micro’s OfficeScan, the vendor's combined client-server virus protection product. The bugs can be exploited remotely to gain control over a system. They reside in various applications, including the web management console.
Excess length passwords can provoke an overflow in the cgiChkMasterPwd.exe
file, allowing code injection and execution. The policy server (PolicyServer.exe) suffers from the same problem. For the bugs to be exploitable, the Trend Micro Policy Server for Cisco NAC must be installed, but this is the case in default installations. In addition, processing crafted HTTP content length fields can cause the service to crash.
The bugs were discovered in OfficeScan 7.3 with patch 3, build 1314. Other versions may also be vulnerable. An update is not yet available. The only workaround is to restrict network access to the system.
See also:
- buffer-overflow in the decryption function of the passwords, security advisory from Luigi Auriemma
(mba)