Trend Micro DirectPass < 1.6.0.1015 Multiple Vulnerabilities

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is potentially affected
by multiple vulnerabilities.

Description :

The version of Trend Micro DirectPass on the remote Windows host is
earlier than 1.6.0.1015 and is, therefore, potentially affected by the
following vulnerabilities :

- An input validation error exists in the file
'InstallWorkspace.exe' related to the 'Master Password'
field that could allow persistent cross-site scripting
attacks.

- An error exists in the file 'InstallWorkspace.exe'
related to the 'Master Password' module that could
allow a security bypass and arbitrary command execution.

- An error exists in the files 'InstallWorkspace.exe' and
'libcef.dll' that could allow denial of service attacks
because of dereferencing a NULL pointer.

See also :

http://esupport.trendmicro.com/solution/en-US/1096805.aspx
http://seclists.org/fulldisclosure/2013/May/112

Solution :

Upgrade to version 1.6.0.1015.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 66811

Bugtraq ID: 60023

CVE ID:
