This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.
It is possible to execute code on the remote host through the
The remote version of Trend Micro ServerProtect exposes multiple
insecure methods through its RPC interface that let an unauthenticated
remote attacker list, read and write to arbitrary files on the
By sending legitimate requests to the remote service, an attacker may
be able to exploit those functions to execute code with SYSTEM
See also :
Reports suggest that the issues have been addressed in Security Patch
5 rather than 4 as ZDI states.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true