[NT] TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability

From: support@securiteam.com
Date: 08/29/01

From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability
Message-Id: <20010829150853.15A6B138BF@mail.der-keiler.de>
Date: Wed, 29 Aug 2001 17:08:53 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  TrendMicro OfficeScan Corp Edition Remote File Reading Vulnerability


Trend Micro OfficeScan Corp Edition contains a vulnerability that allows
attackers to read arbitrary files that are allowed for reading by the user


Vulnerable systems:
Trend Micro OfficeScan Corp Edition version 3.54

Trend Micro OfficeScan Corp Edition is an antivirus software for
enterprises. It provides central virus reporting, automatic virus pattern
updates, and Web-based remote management console. A vulnerability in the
cgiWebupdate.exe, which is one of the CGI programs that is used for remote
management, allows remote users to read arbitrary files with IUSER

Patch information:
The same vulnerability exists in the Japanese edition of the program. This
is a Japanese version of the patch but it can be applied to any other
version (language). The patch is available from the following site:



The information has been provided by <mailto:n-miwa@lac.co.jp> Nobuo Miwa


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.