JVNDB-2016-000074

Trend Micro enterprise products directory traversal vulnerability

Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability.

According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.

Trend Micro, Inc.

• OfficeScan 11.0
• Worry-Free Business Security 9.0
• Worry-Free Business Security Services 5.x

An attacker that can access the user's LAN environment may obtain access to files on the device.

If using OfficeScan 11.0:
[Apply the Update Module]
Contact the developer's suuport center and inquire about the Update Module (HotFix).
According to the developer, applying the Critical Patch planned for release at the end of June 2016 will also address the vulnerability.

If using Worry-Free Business Security 9.0:
[Update the software]
According to the developer, applying Service Pack 3 planned for release at the end of June 2016 will address the vulnerabilities.

If using Worry-Free Business Security Services 5.x:
[Update the Software]
Update the software according to the information provided by the developer.

Trend Micro, Inc.

• Trend Micro Homepage (Japan) : Alert/Advisory: About "Path Traversal Vulnerability" and "HTTP Header Injection Vulnerability" (in Japanese)

1. Path Traversal(CWE-22) [IPA Evaluation]

1. CVE-2016-1223

1. JVN : JVN#48847535
2. National Vulnerability Database (NVD) : CVE-2016-1223

• [2016/06/02]
    Web page was published
  [2016/06/22]
    References : Content was added