CVE-2008-2437

Published Sep 16, 2008

Last updated 6 years ago

CVSS info 10.0

Overview

Description: Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5608EC01-6625-4B55-BB2F-7EDD2A2C5F75"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1C7AAB1-847F-41AC-8324-3B96ACDF42C9"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0F900AA-550D-4D41-8777-B470EF8E5235"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "241286A4-320A-4F3A-B5B2-2C19BBDFCC4C"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:officescan:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B4D4F2B-4B34-42DA-A23A-16490F19EF53"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:officescan:7.3:patch_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9788F679-89C2-4228-BD38-283C03D3E415"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:officescan:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A05A70AB-32D4-4948-94B2-DCFED9155DFA"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References