Trend Micro OfficeScan Client Firewall Multiple Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

The remote host is either running Trend Micro OfficeScan or Trend
Micro OfficeScan Client. The installed version is affected by multiple
vulnerabilities :

- A vulnerability in 'ApiThread()' function could allow a
malicious local user to execute arbitrary code with
SYSTEM privileges by sending specially crafted packets
to the OfficeScan NT Firewall service (TmPfw.exe)
listening on TCP port 40000 by default.

- A vulnerability in 'ApiThread()' function could allow a
malicious local user to crash the OfficeScan NT Firewall
service (TmPfw.exe) by sending specially crafted packets
to its default TCP port 40000.

- By sending specially crafted packets to the OfficeScan
NT Firewall service (TmPfw.exe) on its default TCP port
40000 it may be possible for a local user to modify
firewall configuration without any authentication.

See also :

http://secunia.com/secunia_research/2008-42
http://secunia.com/secunia_research/2008-43
http://www.nessus.org/u?aac27224

Solution :

Upgrade to Trend Micro OfficeScan 8.0 SP1 Patch 1 and apply patch
3191.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 35451 ()

Bugtraq ID: 33358

CVE ID: CVE-2008-3864
CVE-2008-3865
CVE-2008-3866

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now