Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Trend Micro OfficeScan CGI模块栈溢出及绕过认证漏洞
Vulnerability Description
Trend Micro OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan安装中包含有一些CGI可执行程序,用于通过Web界面进行配置。一些二进制程序使用一个名为CGIOCommon.dll的共享库访问从父IIS进程所传送过来的环境变量。如果对有漏洞的函数库提交了恶意的Web请求,包括超长的会话cookie,就会触发栈溢出,导致以IIS Web用户的权限执行任意代码。 此外OfficeScan安装还包含有一个web管理控制台,允许管理员配置所管理的应用程序和Antivirus客
CVSS Information
N/A
Vulnerability Type
N/A