OSVDB ID: 48730

Title: Trend Micro OfficeScan OfficeScanNT Listener Traversal Arbitrary File Access

Dates

Disclosure: Sep 30, 2008
Discovery: Unknown
Exploit: Unknown
Solution: Sep 30, 2008

Description

Trend Micro OfficeScan contains a flaw that may lead to unauthorized information disclosure. The issue is triggered by an HTTP GET request containing dot-dot-slash (../) directory traversal sequences, which discloses arbitrary files read as the SYSTEM account, resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

Products

Trend Micro, Inc.

OfficeScan Corporate Edition

7.3 Patch 4 build 1367
8.0 SP1 build 1221
8.0 SP1 Patch 1 before build 3086

Worry-Free Business Security

5.0

References

Credit

  • Dyon Balding - Secunia


Direct URL: http://osvdb.org/48730