copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Alert » AL-2008.0108 -- [Win] -- Trend Micro OfficeScan Crit...
 

AL-2008.0108 -- [Win] -- Trend Micro OfficeScan Critical Patch Released
Date: 23 October 2008

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2008.0108 -- AUSCERT ALERT
                                   [Win]
              Trend Micro OfficeScan Critical Patch Released
                              23 October 2008

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              Trend Micro OfficeScan 7.3
                      Trend Micro OfficeScan 8.0 SP 1 Patch 1
Publisher:            CCIRC
Operating System:     Windows
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated

Original Bulletin:    http://www.publicsafety.gc.ca/prg/em/ccirc/2008/av08-079-eng.aspx

Revision History:     May 10 2012: Corrected details
                      October 23 2008: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

PUBLIC SAFETY CANADA
CANADIAN CYBER INCIDENT RESPONSE CENTRE

*****************
    ADVISORY
*****************

Number: AV08-079
Date:   22 October 2008

*********************************************
Trend Micro OfficeScan Critical Patch Release 
*********************************************

PURPOSE
- ---------
A vulnerability has been reported in Trend Micro OfficeScan product. This 
vulnerability is due to a stack-based buffer overflow condition, which could 
allow an attacker to execute arbitrary code on the affected system.


ASSESSMENT
- -------------

This patch addresses a potential security issue, which causes a stack-based 
buffer overflow. This condition is triggered by sending a specially crafted 
HTTP request containing form data to the server CGI module. 

Trend Micro OfficeScan 7.3 Critical Patch - Build 1374 CGI modules
This critical patch can be applied to any language version that OfficeScan 
supports. After applying Critical patch 1374, the buffer overflow issue is 
addressed by replacing old modules with the updated modules.

Trend Micro OfficeScan 8.0 SP 1 Patch 1 Critical Patch - Build 3110 CGI modules
After applying Critical patch 3110, the buffer overflow issue is addressed by 
replacing old modules with the updated modules. NOTE: Install hot fix 3110 
only on computers running OfficeScan 8.0 Service Pack 1 Patch 1.


Affected Products:

Trend Micro OfficeScan 7.3
Trend Micro OfficeScan 8.0 SP 1 Patch 1


SUGGESTED ACTION
- ----------------
CCIRC recommends that administrators test and install the patch from Trend 
Micro OfficeScan version 7.3 or 8.0 SP 1 Patch 1, as applicable, at the 
earliest opportunity.  See links to patches below.

Trend Micro OfficeScan 8.0 SP1 Patch 1 Critical Patch - Build 3110 CGI modules:
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe

Trend Micro OfficeScan 7.3 Critical Patch - Build 1374 CGI modules:
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe

REFERENCES: 
- ----------- 
http://www.trendmicro.com/download/product.asp?productid=5


Note to Readers

Public Safety Canada collects information related to cyber and physical 
threats to, and incidents involving, Canadian critical infrastructure. 
This allows us to monitor and analyze threats and to issue alerts, 
advisories, and other information products.
The Government Operations Centre (GOC) provides strategic level coordination 
and direction on behalf of the Government of Canada, in response to emerging 
or occurring events in the national interest, including threats to and 
incidents involving Canadian critical infrastructure. The GOC receives, 
shares, and coordinates information with other federal departments, as well 
as provincial/territorial and international partners.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT6sYEu4yVqjM2NGpAQLpeg//WmYyfEhUGbiCiIE38WrWyNh6xgh4/Ax6
89FSYL6GFVHT/rwaYaJMPbz6Drcg3QDPJm8Ivd15mWJF8wm8QGBmgD58PSqlKx+9
yoALlVPu6TY53Q2QELPQNhLYH/dEgYl95brIiLdx5jx7MG3PDp7AGD6lfj8qUerM
EbDd3SzfKnHwEcXYaw8yPMCPihPtis64OC7YdYXJso1HJpRClQxOZHFqb1QG8/Ft
EcQPp7o31W6Dp+NwsDova0iTl7pABfBSPr1j2jear6Bx9dr0wkc6Dy63W1se30vS
NA94YMM1lZMB4xNqPeHC0Zml9677cLl/8xVnL7KONdCDU/FZDvGIQapBlHBzAzva
EbeHIY77Y8fue+QSa1ifNU7Ej2SbaR+3cGEYJ/plLT+Uiv+vfPPFltsxvd0XOCt0
C3NjrvigCU6IJImK6bix0q1IzNuc2dLVybzpUy64LOgyRumVidfIxgiMwScPoh21
r0AWr66Ba3/88y+FZogr4sd1eydAeExL/XV3Di7YxEUuHJaEjX9ItNsDSkjgUTHW
Y2K5TrFjJtbhnNui2zj9VbrONmBwHtAdlUkXpQ7f1T4dJYYS4kuXQoqQvO+Gbndr
zEQlGMUsZvJm8QTg5dYOTlRSKvL+LAesaDf+I7oR1K1dk38aPbPncsdcGsdiF7qB
aQYxATwmaog=
=S7qs
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/10006