CVEブラウザに戻る

CVE-2008-3364

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1020%

EPSS Percentile37.58th

Published2008年7月30日

Last Modified2026年4月23日

Vulnerability Description

Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Trend Micro

Officescan

= 7.3

References & Advisories

🔗 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899

🔗 http://secunia.com/advisories/31277

🔗 http://secunia.com/advisories/31440

🔗 http://securityreason.com/securityalert/4061

🔗 http://www.securityfocus.com/bid/30407

🔗 http://www.securitytracker.com/id?1020569

🔗 http://www.vupen.com/english/advisories/2008/2220/references

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44042

関連する脆弱性情報

CVE-2007-345410.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta...

CVE-2007-345510.0

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the passwor...

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...