
Trend Micro release patches for vulnerabilities in OfficeScan 8.0 (PC1-2007-0525)

Overview

Vulnerability chart: Unknown vulnerability; Unknown patch availability; Patch implementation unknown

References to Advisories, Solutions, and Tools

===========================================================================
AA-2007.0049 AUSCERT Advisory

[Win]
Trend Micro release patches for vulnerabilities in OfficeScan 8.0
2 July 2007
---------------------------------------------------------------------------

AusCERT Advisory Summary
------------------------

Product: OfficeScan Corporate Edition 8.0
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
        Inappropriate Access
Access: Remote/Unauthenticated
CVE Names: CVE-2007-3454 CVE-2007-3455
Member content until: Wednesday, July 25 2007

Original Bulletin:
http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

Revision History: July 2 2007: Added CVE Names
                  June 27 2007: Initial Release

OVERVIEW:

Two vulnerabilities have been reported in Trend Micro OfficeScan
Corporate Edition version 8.0. If exploited, these vulnerabilities
may result in the remote execution of arbitrary code or
authentication bypass.


IMPACT:

According to information released by Trend Micro [1], a buffer
overflow and an authentication bypass exist in the OfficeScan CGI
modules. The buffer overflow may result in the remote execution of
arbitrary code with the privileges of the web user. Also, it may be
possible to bypass authentication by sending a specially crafted
HTTP request to the server.


MITIGATION:

Security patch 1042 resolves the issue for OfficeScan version 8.0.


REFERENCES:

[1] Trend Micro OfficeScan Corporate Edition 8.0 Security Patch -
Build 1042 CGI modules
http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

Security Bulletin Summary

Products: OfficeScan Corporate Edition 8.0
Warning: security vulnerability level = extreme
13 vulnerabilities found between 25 February 2005 and 27 April 2009.
