 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.813615 |
| Categoría: | General |
| Título: | Trend Micro OfficeScan Multiple Vulnerabilities (1119961) |
| Resumen: | Trend Micro OfficeScan is prone to multiple vulnerabilities. |
| Descripción: | Summary: Trend Micro OfficeScan is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The lack of proper validation of the length of user-supplied data prior to using that length to initialize a pool-based buffer within the processing of IOCTL 0x2200B4, IOCTL 0x2200B4, IOCTL 0x220008 in the TMWFP driver. - An out-of-bounds read error within processing of IOCTL 0x220004 by the tmwfp driver. - A vulnerability that render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. - A URL vulnerability to elevate account permissions on vulnerable installations. - An OfficeScan Browser Refresh vulnerability. Vulnerability Impact: Successful exploitation will allow attackers to disclose sensitive information, escalate privileges and to bypass other security restrictions on vulnerable installations of Trend Micro OfficeScan. Affected Software/OS: Trend Micro OfficeScan versions XG SP1 prior to XG SP1 CP 5147, XG (GM Version) prior to XG CP 1876 (Pre-SP1), 11.0 SP1 prior to 11.0 SP1 CP 6540. Solution: Upgrade to OfficeScan XG SP1 CP 5147 or XG CP 1876 (Pre-SP1) or 110.0 SP1 CP 6540 or later. Please see the references for more information. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-10358 Common Vulnerability Exposure (CVE) ID: CVE-2018-10359 Common Vulnerability Exposure (CVE) ID: CVE-2018-10505 Common Vulnerability Exposure (CVE) ID: CVE-2018-10506 Common Vulnerability Exposure (CVE) ID: CVE-2018-10507 Common Vulnerability Exposure (CVE) ID: CVE-2018-10508 Common Vulnerability Exposure (CVE) ID: CVE-2018-10509 |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |