SNS Advisory No.40

TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability

Problem first discovered: Tue, 21 Aug 2001
Published: Fri, 24 Aug 2001
_________________________________________________________________

Overview:
  Trend Micro OfficeScan Corp Edition ver.3.54 contains a vulnerability
  which allows attackers to read arbitrary files with IUSER privilege.

Problem Description:
  Trend Micro OfficeScan Corp Edition is antivirus software for
  enterprise use. It provides central virus reporting, automatic virus
  pattern updates, and a Web-based remote management console.

  The vulnerability lies in cgiWebupdate.exe, one of the CGI programs
  used for remote management. This problem can allow remote users to
  read arbitrary files with IUSER privilege.

Tested Version:
  Trend Micro OfficeScan Corp Edition Version 3.54

Tested OS:
  Windows 2000 Server

Patch Information:
  The same vulnerability exists in the Japanese version. A Japanese
  version of the patch is available for this vulnerability, and it can
  be applied to any other version. The patch is available at the
  following site:

  http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086

Discovered by:
  Nobuo Miwa (LAC / n-miwa@lac.co.jp)

Disclaimer:
  All information in these advisories is subject to change without
  advance notice or mutual consensus, and each advisory is released
  as it is. LAC Co.,Ltd. is not responsible for any risks arising from
  applying this information.
_________________________________________________________________

Copyright(c) 1995-2002 Little eArth Corporation