Back to CVE Browser

CVE-2007-3455

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0040%

EPSS Percentile11.77th

PublishedJun 27, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

Affected Platforms (CPE)

📦

Trend Micro

Officescan

= 8.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558

🔗 http://osvdb.org/36628

🔗 http://secunia.com/advisories/25778

🔗 http://www.securityfocus.com/bid/24641

🔗 http://www.securityfocus.com/bid/24935

🔗 http://www.securitytracker.com/id?1018320

🔗 http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

🔗 http://www.vupen.com/english/advisories/2007/2330

Related Vulnerabilities

CVE-2007-345410.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta...

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2008-440210.0

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 bef...