The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Trend Micro OfficeScan

computer vulnerability alert CVE-2017-14083 CVE-2017-14084 CVE-2017-14085

Trend Micro OfficeScan: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro OfficeScan.
Impacted products: OfficeScan.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 28/09/2017.
Identifiers: CVE-2017-14083, CVE-2017-14084, CVE-2017-14085, CVE-2017-14086, CVE-2017-14087, CVE-2017-14088, CVE-2017-14089, VIGILANCE-VUL-23966, ZDI-17-828, ZDI-17-829.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro OfficeScan.

An attacker can bypass security features via Encryption Key Disclosure, in order to obtain sensitive information. [severity:2/4; CVE-2017-14083]

An attacker can use a vulnerability via CURL, in order to run code. [severity:3/4; CVE-2017-14084]

An attacker can bypass security features via NT Domain, in order to obtain sensitive information. [severity:2/4; CVE-2017-14085]

An attacker can use a vulnerability via DOS/INI, in order to run code. [severity:3/4; CVE-2017-14086]

An attacker can bypass access restrictions via Host Header Injection, in order to read or alter data. [severity:2/4; CVE-2017-14087]

An attacker can generate a memory corruption via tmwfp, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-14088, ZDI-17-828, ZDI-17-829]

An unknown vulnerability was announced. [severity:2/4; CVE-2017-14089]

vulnerability CVE-2017-11393 CVE-2017-11394

Trend Micro OfficeScan: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro OfficeScan.
Impacted products: OfficeScan.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/08/2017.
Identifiers: 1117769, CVE-2017-11393, CVE-2017-11394, trendmicro_imsva_widget_exec.rb, trendmicro_officescan_widget_exec.rb, VIGILANCE-VUL-23420, ZDI-17-521, ZDI-17-522.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro OfficeScan.

An attacker can trigger a Cross Site Scripting via Mapping Display, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2017-11393, ZDI-17-522]

An attacker can use a vulnerability via Post-auth Command, in order to run code. [severity:3/4; CVE-2017-11394, ZDI-17-521]

vulnerability note CVE-2017-5481 CVE-2017-8801

Trend Micro OfficeScan: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Trend Micro OfficeScan.
Impacted products: OfficeScan.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/04/2017.
Identifiers: 1117204, CVE-2017-5481, CVE-2017-8801, VIGILANCE-VUL-22564.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro OfficeScan.

An attacker can bypass security features, in order to get encrypted passwords or password hashes. [severity:1/4]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4]

vulnerability alert CVE-2017-5565 CVE-2017-5566 CVE-2017-5567

Antivirus: privilege escalation via Microsoft Application Verifier

Synthesis of the vulnerability

An attacker can bypass restrictions via the Microsoft Application Verifier in antivirus products, in order to escalate privileges.
Impacted products: Avast AV, NOD32 Antivirus, F-Secure AV, AVG AntiVirus, McAfee MOVE AntiVirus, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, TrendMicro Internet Security, OfficeScan.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 22/03/2017.
Identifiers: 1116957, CVE-2017-5565, CVE-2017-5566, CVE-2017-5567, CVE-2017-6186, CVE-2017-6417, VIGILANCE-VUL-22211.

Description of the vulnerability

An attacker can bypass restrictions via the Microsoft Application Verifier in antivirus products, in order to escalate privileges.

computer vulnerability bulletin 20798

Trend Micro OfficeScan: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Trend Micro OfficeScan, in order to read a file outside the service root path.
Impacted products: OfficeScan.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/10/2016.
Identifiers: 1114097, 2016-0116, VIGILANCE-VUL-20798.

Description of the vulnerability

The Trend Micro OfficeScan product offers a web service.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories of Trend Micro OfficeScan, in order to read a file outside the service root path.

vulnerability CVE-2016-1223

Trend Micro OfficeScan: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Trend Micro OfficeScan, in order to read a file outside the service root path.
Impacted products: OfficeScan.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 21/06/2016.
Identifiers: CVE-2016-1223, JVN#48847535, VIGILANCE-VUL-19940.

Description of the vulnerability

The Trend Micro OfficeScan product offers a web service.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories of Trend Micro OfficeScan, in order to read a file outside the service root path.

vulnerability note 18694

Trend Micro: code execution via Password Manager

Synthesis of the vulnerability

An attacker can invite the victim to display a web document containing a malicious URL, in order to run code in Password Manager of Trend Micro.
Impacted products: OfficeScan, TrendMicro Titanium.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/01/2016.
Identifiers: VIGILANCE-VUL-18694.

Description of the vulnerability

The Trend Micro products install the Password Manager tool on Windows.

However, a web service is enabled on port 49155/tcp, and the /api/openUrlInDefaultBrowser page directly calls the ShellExecute() function.

An attacker can therefore invite the victim to display a web document containing a malicious URL, in order to run code in Password Manager of Trend Micro.

vulnerability alert 18671

Windows: code execution during application installation

Synthesis of the vulnerability

An attacker can invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.
Impacted products: 7-Zip, ZoneAlarm, FileZilla Server, GIMP, Chrome, Kaspersky AV, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, Opera, Panda AV, Panda Internet Security, PuTTY, OfficeScan, TrueCrypt, VLC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 11/01/2016.
Identifiers: sk110055, VIGILANCE-VUL-18671.

Description of the vulnerability

When a user installs a new application on Windows, they download the installation program (install.exe for example), and then run it.

However, several installation programs load DLLs (for example graph.dll) from the current directory. So, if an attacker has invited the victim to download a malicious graph.dll file before install.exe is run from the Download directory, the code located in the DLL is run.

See also the bulletin VIGILANCE-VUL-19558 for other impacted products.

An attacker can therefore invite the victim to download malicious libraries on Windows, in order to run code during the installation of an application requiring these DLLs.

vulnerability note CVE-2014-0160

OpenSSL: information disclosure via Heartbeat

Synthesis of the vulnerability

An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity ~ precise, XenDesktop, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.

Description of the vulnerability

The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.

Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of random data, and continues to read after the end of the payload, and then sends the full memory area (up to 64kb) to the peer (client or server).

An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.

computer vulnerability alert CVE-2012-1425 CVE-2012-1443 CVE-2012-1448

TrendMicro antivirus: bypassing via CAB, RAR, TAR, ZIP

Synthesis of the vulnerability

An attacker can create an archive containing a virus, which is not detected by TrendMicro antivirus.
Impacted products: OfficeScan, ScanMail.
Severity: 1/4.
Consequences: data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 21/03/2012.
Identifiers: BID-52580, BID-52603, BID-52608, BID-52610, BID-52612, BID-52621, BID-52623, BID-52626, CVE-2012-1425, CVE-2012-1443, CVE-2012-1448, CVE-2012-1453, CVE-2012-1456, CVE-2012-1457, CVE-2012-1459, CVE-2012-1461, VIGILANCE-VUL-11476.

Description of the vulnerability

Archive extraction tools accept archives which are slightly malformed. However, TrendMicro antivirus does not detect viruses contained in these archives.

A TAR archive containing "\50\4B\03\04" as its first 4 bytes bypasses the detection. [severity:1/4; BID-52580, CVE-2012-1425]

A RAR archive containing "MZ" as its first 2 bytes bypasses the detection. [severity:1/4; BID-52612, CVE-2012-1443]

A CAB archive containing a large "cbCabinet" field bypasses the detection. [severity:1/4; BID-52603, CVE-2012-1448]

A CAB archive containing a large "coffFiles" field bypasses the detection. [severity:1/4; BID-52621, CVE-2012-1453]

A ZIP archive starting with TAR data bypasses the detection. [severity:1/4; BID-52608, CVE-2012-1456]

A TAR archive with a large size bypasses the detection. [severity:1/4; BID-52610, CVE-2012-1457]

A TAR archive with a header containing a large value bypasses the detection. [severity:1/4; BID-52623, CVE-2012-1459]

A TAR+GZ archive containing two streams bypasses the detection. [severity:1/4; BID-52626, CVE-2012-1461]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then detected once it has been extracted on the victim's computer.