Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution

high Nessus Plugin ID 55593

Synopsis

The remote Windows host contains a web application that allows remote code execution.

Description

The Trend Micro Control Manager installation on the remote Windows host is missing Critical Patch 1422. As a result, the included Cas_LogDirectInsert.aspx HTTP handler reportedly contains a vulnerability that allows malicious XML and schema information to be used in queries against the backend database.

Using a specially crafted POST request, an unauthenticated, remote attacker could reportedly leverage this issue to create and insert a user account, which can in turn be used to execute code remotely through the management console.

Solution

Upgrade to Trend Micro Control Manager 5.5 if necessary and apply Critical Patch 1422.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-234/

https://www.securityfocus.com/archive/1/518822/30/0/threaded

http://esupport.trendmicro.com/solution/en-us/1058280.aspx

http://www.nessus.org/u?3e94ba65

Plugin Details

Severity: High

ID: 55593

File Name: tmcm_caslogdirectinserthandler_cmd_exec.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 7/14/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2011

Vulnerability Publication Date: 7/11/2011

Reference Information

BID: 48638