CVE-2008-1365

Trend Micro OfficeScan Corporate Edition <= 7.3 Patch 3 - Stack-Based Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-1365. PoCs published by Metasploit, Luigi Auriemma, toto, including Metasploit module exploits/windows/http/trendmicro_officescan.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Trend Micro OfficeScan's cgiChkMasterPwd.exe, allowing remote code execution with SYSTEM privileges. It uses a crafted POST request to trigger the vulnerability and execute shellcode.

Description

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16768

This exploit targets a stack buffer overflow in Trend Micro OfficeScan's cgiChkMasterPwd.exe, allowing remote code execution with SYSTEM privileges. It uses a crafted POST request to trigger the vulnerability and execute shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Trend Micro OfficeScan 7.3.0.1293
No auth needed
Prerequisites: Network access to the target's OfficeScan console on port 8080
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/31310

The provided text describes a buffer-overflow and denial-of-service vulnerability in Trend Micro OfficeScan Corporate Edition. It lacks actual exploit code but references a binary exploit available via a GitLab link.

Classification
Writeup 90%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Theoretical
Target: Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 Build 1189 and earlier, 7.0 Patch 3 Build 1314 and earlier
No auth needed
Prerequisites: Access to send malformed data to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by toto · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/trendmicro_officescan.rb

This Metasploit module exploits a stack buffer overflow in Trend Micro OfficeScan's cgiChkMasterPwd.exe (CVE-2008-1365) to achieve remote code execution with SYSTEM privileges. It uses alphanumeric shellcode and a custom encoder to bypass bad character restrictions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Trend Micro OfficeScan 7.3.0.1293
No auth needed
Prerequisites: Network access to the target's OfficeScan console (port 8080)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29124
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0702
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019523
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28020

Scores

EPSS 0.5111
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (1)
trend_micro/officescan_corporate_edition < 7.3_patch3_build1314
Published Mar 17, 2008
Tracked Since Feb 18, 2026