Trend Micro OfficeScan 7.3 Multiple Vulnerabilities

high Nessus Plugin ID 22048

Synopsis

The remote web server is vulnerable to remote code execution.

Description

The remote host appears to be running Trend Micro OfficeScan Server.

This version of OfficeScan is vulnerable to multiple stack overflows in CGI programs that could allow a remote attacker to execute code in the context of the remote server.

Note that OfficeScan server under Windows runs with SYSTEM privileges, which means an attacker can gain complete control of the affected host.

In addition, there is a format string vulnerability in the 'ATXCONSOLE.OCX' ActiveX Control that could allow for remote code execution via malicious input to the console's Remote Client Install name search as well as flaws that might allow for removal of the OfficeScan client or arbitrary files from the remote host.

Solution

Trend Micro has released 2 patches for OfficeScan 7.3.

See Also

http://www.nessus.org/u?45da9450

http://www.nessus.org/u?4805fbf2

Plugin Details

Severity: High

ID: 22048

File Name: trendmicro_officescan_multiple.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 7/14/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 6/23/2006

Vulnerability Publication Date: 4/21/2006

Reference Information

CVE: CVE-2006-5157, CVE-2006-5211, CVE-2006-5212, CVE-2006-6178, CVE-2006-6179

BID: 20284, 20330, 21442