[NT] TrendMicro OfficeScan Corp Edition Remote File Reading VulnerabilityFrom: firstname.lastname@example.org
- Previous message: email@example.com: "[TOOL] IDABlocker, CodeRed Log File Blocker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: firstname.lastname@example.org To: email@example.com Subject: [NT] TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability Message-Id: <20010829150853.15A6B138BF@mail.der-keiler.de> Date: Wed, 29 Aug 2001 17:08:53 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability
Trend Micro OfficeScan Corp Edition contains a vulnerability that allows
attackers to read arbitrary files that are allowed for reading by the user
Trend Micro OfficeScan Corp Edition version 3.54
Trend Micro OfficeScan Corp Edition is an antivirus software for
enterprises. It provides central virus reporting, automatic virus pattern
updates, and Web-based remote management console. A vulnerability in the
cgiWebupdate.exe, which is one of the CGI programs that is used for remote
management, allows remote users to read arbitrary files with IUSER
The same vulnerability exists in the Japanese edition of the program. This
is a Japanese version of the patch but it can be applied to any other
version (language). The patch is available from the following site:
The information has been provided by <mailto:firstname.lastname@example.org> Nobuo Miwa
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: email@example.com
In order to subscribe to the mailing list, simply forward this email to: firstname.lastname@example.org
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.