Trend Micro OfficeScan Multiple CGI Module Vulnerabilities

high Nessus Plugin ID 34363

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities.

Description

The remote host is either running Worry-Free Business Security or Trend Micro OfficeScan/Trend Micro OfficeScan client. The installed version is affected by multiple vulnerabilities :

- If Trend Micro OfficeScan client 'Tmlisten.exe' is configured to receive updates from other clients, it may be possible to launch a directory traversal attack against the remote host, and read arbitrary files.

- A vulnerability in Trend Micro OfficeScan server CGI modules could be exploited to trigger a buffer overflow issue and execute arbitrary code on the remote system with web server privileges.

- A NULL pointer dereference issue could be exploited to trigger a denial of service condition on the remote system.

Solution

Upgrade to :

- Trend Micro OfficeScan 7.3 Build 1372.
- Trend Micro OfficeScan 8.0 Build 2439/3087 depending on the current OfficeScan patch level.
- Worry-Free Business Security 5.0 Build 1414.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2008-39/

http://www.nessus.org/u?14a47516

http://www.nessus.org/u?b5493c8c

http://www.nessus.org/u?c957bae3

http://www.nessus.org/u?cabe4087

Plugin Details

Severity: High

ID: 34363

File Name: trendmicro_officescan_multiple_vulns.nasl

Version: 1.22

Type: local

Agent: windows

Family: Windows

Published: 10/8/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2008

Reference Information

CVE: CVE-2008-2439, CVE-2008-4402, CVE-2008-4403

BID: 31531

CWE: 119, 22, 399

Secunia: 31343, 32097