CVE-2008-1366

Published: Mar 17, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.

Affected (2)

Products: Trend Micro: Officescan Corporate Edition

1 product

Officescan Corporate Edition

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trend Micro Officescan Corporate Edition	Up to 7.3_patch3_build1314
Trend Micro Officescan Corporate Edition	Up to 8.0_patch2_build1189

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://aluigi.altervista.org/adv/officescaz-adv.txt

Source: cve@mitre.org

http://secunia.com/advisories/29124

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/28020

Source: cve@mitre.org

http://www.securitytracker.com/id?1019522

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0702

Source: cve@mitre.org

http://aluigi.altervista.org/adv/officescaz-adv.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29124

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/28020

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019522

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0702

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.