Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution
High Nessus Plugin ID 55593
The remote Windows host contains a web application that allows remote code execution.
The Trend Micro Control Manager install on the remote Windows host is missing Critical Patch 1422. As such, the included Cas_LogDirectInsert.aspx http handler reportedly has a vulnerability by which malicious XML and schema information can be used in queries in the backend database. Using a specially crafted POST request, an unauthenticated, remote attacker could reportedly leverage this issue to create and insert a user account that can in turn be used to execute remote code through the management console.
Upgrade to Trend Micro Control Manager 5.5 if necessary and apply Critical Patch 1422.