Trend Micro OfficeScan < 7.3 Build 3172 Client Traversal Arbitrary File Access

Medium - Nessus Network Monitor Plugin ID 4705

Synopsis

The remote web server is affected by a directory traversal issue.

Description

The version of Trend Micro OfficeScan client running on the remote host is affected by a directory traversal issue, which can be leveraged by an unauthenticated remote attacker to read arbitrary files on the remote host. Note that successful exploitation requires that 'Tmlisten.exe' be configured to receive updates from other clients.

Solution

Upgrade to version 7.3 Build 3172 or higher.

See Also

http://www.nessus.org/u?14a47516

http://www.nessus.org/u?b5493c8c

http://www.nessus.org/u?c957bae3

http://www.nessus.org/u?cabe4087

http://secunia.com/secunia_research/2008-39

Plugin Details

Severity: Medium

ID: 4705

Family: Generic

Published: 10/8/2008

Updated: 3/6/2019

Nessus ID: 34362

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:officescan

Reference Information

CVE: CVE-2008-2439, CVE-2008-4402, CVE-2008-4403

BID: 31531