Trend Micro OfficeScan Client Traversal Arbitrary File Access

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a directory traversal issue.

Description :

The version of Trend Micro OfficeScan client running on the remote
host is affected by a directory traversal issue that can be
leveraged by an unauthenticated, remote attacker to read arbitrary
files on the remote host.

Note that successful exploitation requires that 'Tmlisten.exe' be
configured to receive updates from other clients.

See also :

Solution :

Upgrade to :

- Trend Micro OfficeScan 7.3 Build 3172.
- Trend Micro OfficeScan 8.0 Build 2439/3087
depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1414.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 34362 ()

Bugtraq ID: 31531

CVE ID: CVE-2008-2439

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now