Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Trend Micro OfficeScan Multiple Vulnerabilities June18
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Trend Micro OfficeScan and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to, - The lack of proper validation of the length of user-supplied data prior to using that length to initialize a pool-based buffer within the processing of IOCTL 0x2200B4, IOCTL 0x2200B4, IOCTL 0x220008 in the TMWFP driver. - An out-of-bounds read error within processing of IOCTL 0x220004 by the tmwfp driver. - A vulnerability that render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. - A URL vulnerability to elevate account permissions on vulnerable installations. - An OfficeScan Browser Refresh vulnerability.
Affected Software
Affected Software
Trend Micro OfficeScan versions XG SP1 prior to XG SP1 CP 5147, XG (GM Version) prior to XG CP 1876 (Pre-SP1), 11.0 SP1 prior to 11.0 SP1 CP 6540.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to OfficeScan XG SP1 CP 5147 or XG CP 1876 (Pre-SP1) or 110.0 SP1 CP 6540 or later. Please see the references for more information.