Vulnerabilities in Trend Micro's OfficeScan
Security service provider iDefense has reported several vulnerabilities in Trend Micro’s OfficeScan product which could allow attackers to inject and execute arbitrary code on the server or to gain unauthorised access to the management console to change its settings.
OfficeScan installs several executable CGI files used for configuring the antivirus software through the web interface. Malicious requests for these files with overly long session cookies may cause a buffer overflow and allow attackers to inject arbitrary code to be executed with Internet Information Server (IIS) privileges.
The web interface of the management console used for client administration calls cgiChkMasterPwd.exe to check encrypted user login data. If an attacker sends an empty encryption string and an empty hash, he is assigned a valid session ID which can be used to access the console and change its settings.
These vulnerabilities have been confirmed for versions 3.0, 3.5 and 3.6 of Trend Micro’s Client Server Messaging software and for OfficeScan 6.0 for SMB2.0, 6.5, 7.0, 7.3 and 8.0. The vendor has released updates to fix these holes. Administrators are advised to install the fixes as soon as possible.
- Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability, security advisory by iDefense
- Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability, security advisory by iDefense
- Updates for Trend Micro’s Client Server Messaging
- Updates for Trend Micro’s OfficeScan