JVNDB-2016-000103

Deep Discovery Inspector vulnerable to remote code execution

Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.

Trend Micro, Inc.

• Deep Discovery Inspector 3.8 SP1 (3.81)
• Deep Discovery Inspector 3.7
• Deep Discovery Inspector 3.5
• Deep Discovery Inspector 3.2
• Deep Discovery Inspector 3.1
• Deep Discovery Inspector 3.0

Note that the product name and versions above are ones used in Japan. The product name and versions may differ in respective countries or regions. For more details, refer to the information provided by the developer.

An attacker who can access the product as an administrator may execute arbitrary code with the root privilege.

For Deep Discovery Inspector 3.5 and later:
[Apply the patch]
Apply the appropriate patch according to the information provided by the developer.

For Deep Discovery Inspector 3.2 and earlier:
[Update the software and Apply the patch]
Update the software to Deep Discovery Inspector 3.5 or later, and apply the appropriate patch according to the information provided by the developer.

Trend Micro, Inc.

• TrendMicro Solution : Trend Micro Deep Discovery Inspector (DDI) Remote Code Execution Vulnerability

1. No Mapping(CWE-noinfo) [IPA Evaluation]

1. CVE-2016-5840

1. JVN : JVN#55428526
2. National Vulnerability Database (NVD) : CVE-2016-5840

• [2016/06/16]
    Web page was published
  [2016/07/12]
    Affected Products : Product was added
    Solution was modified
    CVE : CVE-ID was added
    References : Content was added