Trend Micro OfficeScan < 7.3 Build 3172 Client Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 4705


The remote web server is affected by a directory traversal issue.


The version of Trend Micro OfficeScan client running on the remote host is affected by a directory traversal issue, which can be leveraged by an unauthenticated remote attacker to read arbitrary files on the remote host. Note that successful exploitation requires that 'Tmlisten.exe' be configured to receive updates from other clients.


Upgrade to version 7.3 Build 3172 or higher.

See Also

Plugin Details

Severity: Medium

ID: 4705

Family: Generic

Published: 2008/10/08

Modified: 2018/07/11

Nessus ID: 34362

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Reference Information

CVE: CVE-2008-4402, CVE-2008-4403, CVE-2008-2439

BID: 31531