返回 CVE 浏览器

CVE-2007-3455

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0040%

EPSS Percentile11.77th

Published2007年6月27日

Last Modified2026年4月23日

Vulnerability Description

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

Affected Platforms (CPE)

📦

Trend Micro

Officescan

= 8.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558

🔗 http://osvdb.org/36628

🔗 http://secunia.com/advisories/25778

🔗 http://www.securityfocus.com/bid/24641

🔗 http://www.securityfocus.com/bid/24935

🔗 http://www.securitytracker.com/id?1018320

🔗 http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

🔗 http://www.vupen.com/english/advisories/2007/2330

相关漏洞威胁

CVE-2007-345410.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta...

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2008-440210.0

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 bef...