CVE-2008-2439

Trend Micro Officescan - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.

Exploits (1)

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/officescan/tmlisten_traversal.rb

View Code ZIP pw:eip

References (13)

[Patch, Vendor Advisory] http://secunia.com/advisories/31343

[Patch, Vendor Advisory] http://secunia.com/advisories/32097

[Vendor Advisory] http://secunia.com/secunia_research/2008-39/

[Patch] http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt

[Patch] http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt

[Patch] http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt

[Patch] http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45597

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496970/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31531

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020975

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2711

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2712

Scores

EPSS 0.4462

EPSS Percentile 97.5%

Classification

CWE

CWE-22

Status draft

Affected Products (4)

trend_micro/officescan

trend_micro/officescan

trend_micro/officescan

trend_micro/worry_free_business_security

Timeline

Published Oct 03, 2008

Tracked Since Feb 18, 2026