Trend Micro OfficeScan Multiple CGI Module Vulnerabilities
High Nessus Plugin ID 34363
Synopsis
The remote host contains an application that is affected by multiple vulnerabilities.
Description
The remote host is running either Worry-Free Business Security or Trend Micro OfficeScan/Trend Micro OfficeScan client. The installed version is affected by multiple vulnerabilities:
- If Trend Micro OfficeScan client 'Tmlisten.exe' is configured to receive updates from other clients, it may be possible to launch a directory traversal attack against the remote host, and read arbitrary files.
- A vulnerability in Trend Micro OfficeScan server CGI modules could be exploited to trigger a buffer overflow issue and execute arbitrary code on the remote system with web server privileges.
- A NULL pointer dereference issue could be exploited to trigger a denial of service condition on the remote system.
Solution
Upgrade to:
- Trend Micro OfficeScan 7.3 Build 1372.
- Trend Micro OfficeScan 8.0 Build 2439/3087 depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1414.