Trend Micro OfficeScan Directory Traversal Vulnerability
Gravité: : Medium
Identifiant(s) CVE: : CVE-2008-2439
Description
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1003177
Trend Micro Deep Security DPI Rule Name: 1003177 - Trend Micro OfficeScan Directory Traversal Vulnerability
Affected software and version:
- trend_micro officescan 7.3
- trend_micro officescan 8.0
- trend_micro worry_free_business_security 5.0