Trend Micro DirectPass < 1.6.0.1015 Multiple Vulnerabilities

medium Nessus Plugin ID 66811

Synopsis

The remote Windows host contains a program that is potentially affected by multiple vulnerabilities.

Description

The version of Trend Micro DirectPass on the remote Windows host is earlier than 1.6.0.1015 and is, therefore, potentially affected by the following vulnerabilities :

- An input validation error exists in the file 'InstallWorkspace.exe' related to the 'Master Password' field that could allow persistent cross-site scripting attacks.

- An error exists in the file 'InstallWorkspace.exe' related to the 'Master Password' module that could allow a security bypass and arbitrary command execution.

- An error exists in the files 'InstallWorkspace.exe' and 'libcef.dll' that could allow denial of service attacks because of dereferencing a NULL pointer.

Solution

Upgrade to version 1.6.0.1015.

See Also

http://esupport.trendmicro.com/solution/en-US/1096805.aspx

https://seclists.org/fulldisclosure/2013/May/112

Plugin Details

Severity: Medium

ID: 66811

File Name: trendmicro_directpass_1_6_0_1015.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 6/5/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: x-cpe:/a:trend_micro:directpass

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2013

Vulnerability Publication Date: 5/21/2013

Reference Information

BID: 60023

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990