Trend Micro OfficeScan < 7.3 Build 3172 Client Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 4705

Synopsis

The remote web server is affected by a directory traversal issue.

Description

The version of Trend Micro OfficeScan client running on the remote host is affected by a directory traversal issue, which can be leveraged by an unauthenticated remote attacker to read arbitrary files on the remote host. Note that successful exploitation requires that 'Tmlisten.exe' be configured to receive updates from other clients.

Solution

Upgrade to version 7.3 Build 3172 or higher.

See Also

http://www.nessus.org/u?14a47516

http://www.nessus.org/u?b5493c8c

http://www.nessus.org/u?c957bae3

http://www.nessus.org/u?cabe4087

http://secunia.com/secunia_research/2008-39

Plugin Details

Severity: Medium

ID: 4705

Family: Generic

Published: 2008/10/08

Modified: 2018/07/11

Nessus ID: 34362

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Reference Information

CVE: CVE-2008-4402, CVE-2008-4403, CVE-2008-2439

BID: 31531