Trend Micro OfficeScan versions 7.3 and 8.0 contain a buffer overflow vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
This vulnerability exists due to insufficient validation of password input. An attacker could exploit this vulnerability by sending a malicious logon request containing overly large password values to the affected application, triggering a buffer overflow. Memory corruption resulting from a buffer overflow could allow the attacker to execute arbitrary code.
Proof-of-concept exploit code that demonstrates a buffer overflow resulting in a DoS condition is available.
Trend Micro has not confirmed this vulnerability and updates are not available.