Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Trend Micro OfficeScan/VirusBuster Arbitrary File Disclosure

Trend Micro OfficeScan/VirusBuster Arbitrary File Disclosure

by Phiber on August 29th, 2001 Trend Micro Virus Buster/OfficeScan Corporate Edition versions 3.5x are prone to a vulnerability which will allow remote attackers to display arbitrary files(those readable by IUSER, the privileges given to the internet user group and subsequently the application, in Windows NT/2000).


The problem exists with one of the software's web management interface programs, which does not prevent attempts to browse the filesystem of the host.

- Successful exploitation of this vulnerability may disclose sensitive information to the attacker, which could be used to mount further attacks on the hosts.


Solution:

A patch has been released for Trend Micro Virus Buster Corporate Edition(the Japanese version of Officescan Corporate Edition).



Trend Micro requests that users contact their local Trend Micro support team for a patch for other language versions of OfficeScan.



Trend Micro Virus Buster Corporate Edition 3.54:

- Trend Micro patch 3086VBC354H2.exe


Trend Micro Virus Buster Corporate Edition 3.53:

- Trend Micro patch 3086VBC352-3.EXE


Trend Micro Virus Buster Corporate Edition 3.52:

- Trend Micro patch 3086VBC352-3.EXE

Credits go to Nobuo Miwa.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »