Trend Micro OfficeScan Client Traversal Arbitrary File Access

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a directory traversal issue.

Description :

The version of Trend Micro OfficeScan client running on the remote
host is affected by a directory traversal issue that can be
leveraged by an unauthenticated, remote attacker to read arbitrary
files on the remote host.

Note that successful exploitation requires that 'Tmlisten.exe' be
configured to receive updates from other clients.

See also :

Solution :

Upgrade to :

- Trend Micro OfficeScan 7.3 Build 3172.
- Trend Micro OfficeScan 8.0 Build 2439/3087
depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1414.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 34362 ()

Bugtraq ID: 31531

CVE ID: CVE-2008-2439

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial