Trend Micro OfficeScan Multiple CGI Module Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains an application that is affected by multiple

Description :

The remote host is either running Worry-Free Business Security or
Trend Micro OfficeScan/Trend Micro OfficeScan client. The installed
version is affected by multiple vulnerabilities :

- If Trend Micro OfficeScan client 'Tmlisten.exe' is
configured to receive updates from other clients, it
may be possible to launch a directory traversal attack
against the remote host, and read arbitrary files.

- A vulnerability in Trend Micro OfficeScan server CGI
modules could be exploited to trigger a buffer overflow
issue and execute arbitrary code on the remote system
with web server privileges.

- A NULL pointer dereference issue could be exploited to
trigger a denial of service condition on the remote

See also :

Solution :

Upgrade to :

- Trend Micro OfficeScan 7.3 Build 1372.
- Trend Micro OfficeScan 8.0 Build 2439/3087
depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1414.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 34363 ()

Bugtraq ID: 31531

CVE ID: CVE-2008-2439

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now