Trend Micro Vulnerability

Monday, July 18, 2011 @ 03:07 PM gHale


A vulnerability in security software provider Trend Micro’s Control Manager can be exploited to disclose sensitive information, according to Secunia.

Input passed via the “module” parameter to WebApp/widget/proxy_request.php (when “sid” is set to “undefined” and “serverid”, “SORTFIELD”, “SELECTION”, and “WID” are set) is not properly verified before being used to read files.

As a result, a hacker could read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also be affected.

One solution is to apply hotfix 1470, or contact Trend Micro for details.
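For administrators reviewing web server logs on a Control Manager host, the following added example (not code from Trend Micro or Secunia) flags requests to proxy_request.php whose "module" value contains a directory traversal sequence, including percent-encoded and double-encoded forms. It assumes a combined-format access log with the parameters in the query string; the log lines, the module name "modSummary" and the file name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the advisory, lowercased for case-insensitive matching.
ENDPOINT = "/webapp/widget/proxy_request.php"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A ".." path component delimited by "/" or "\" (or string start/end).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_module(line):
    """Return the decoded 'module' value when the request targets the
    endpoint and the value contains a traversal sequence, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(ENDPOINT):
        return None
    # parse_qs decodes one layer; fully_decode removes any further layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("module", []):
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_module_value) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines) if (v := suspicious_module(line))]

# Constructed sample log lines (documentation IP range, made-up values).
PREFIX = '192.0.2.10 - - [18/Jul/2011:15:07:00 +0000] "GET /WebApp/widget/proxy_request.php?sid=undefined&serverid=1&SORTFIELD=a&SELECTION=b&WID=2&module='
SAMPLE_LOG = [
    PREFIX + 'modSummary HTTP/1.1" 200 512',
    PREFIX + '..%2F..%2Fconstructed.txt HTTP/1.1" 200 1024',
    PREFIX + '%252e%252e%255cconstructed.txt HTTP/1.1" 200 1024',
    '192.0.2.10 - - [18/Jul/2011:15:08:00 +0000] "GET /index.php?module=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: traversal in module parameter: {value!r}")
```

Parameters sent in a POST body do not appear in an access log, so a hit list from this check is a lower bound on suspicious requests.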


