📦

officescan_corporate_edition

Vendor: trend_micro

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 2 Code Available
Total RCEs 2 Remote Access
Total CVEs 5 Total Indexed
Avg. EPSS 38.42% Exploit Prob.
Latest CVE CVE-2008-1365 Mar 17

Security Vulnerability Index

Page 1 / 1
6.4 CVSS
CVE-2008-1365
RCE Exploit Found

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

EPSS: 75.21%
5.0 CVSS
CVE-2008-1366

Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.

EPSS: 0.88%
9.3 CVSS
CVE-2007-0325
RCE Exploit Found

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

EPSS: 75.67%
6.4 CVSS
CVE-2006-5211

Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program.

EPSS: 1.92%