CVE-2006-5212
published 2006-10-10CVE-2006-5212: Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418…
PriorityP421medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.53%
71.6th percentile
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | officescan | — | — |
| trend_micro | officescan | — | — |
| trend_micro | officescan | — | — |
| trend_micro | officescan | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Trend Micro OfficeScan 6.0/Corporate 6.5/Corporate 7.0/Corporate 7.3 CGI Program filename format string (Nessus ID 22048 / XFDB-29327)
vuldb·2026-04-24·CVSS 5.0
CVE-2006-5212 [MEDIUM] Trend Micro OfficeScan 6.0/Corporate 6.5/Corporate 7.0/Corporate 7.3 CGI Program filename format string (Nessus ID 22048 / XFDB-29327)
A vulnerability has been found in Trend Micro OfficeScan 6.0/Corporate 6.5/Corporate 7.0/Corporate 7.3 and classified as critical. The affected element is an unknown function of the component CGI Program. This manipulation of the argument filename causes format string.
This vulnerability is registered as CVE-2006-5212. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
GHSA
GHSA-v2gx-gw6h-4chx: Trend Micro OfficeScan 6
ghsa_unreviewed·2022-05-01
CVE-2006-5212 [MEDIUM] GHSA-v2gx-gw6h-4chx: Trend Micro OfficeScan 6
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/22156http://www.securityfocus.com/bid/20330http://www.trendmicro.com/download/product.asp?productid=5http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txthttp://www.vupen.com/english/advisories/2006/3882http://secunia.com/advisories/22156http://www.securityfocus.com/bid/20330http://www.trendmicro.com/download/product.asp?productid=5http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txthttp://www.vupen.com/english/advisories/2006/3882
2006-10-10
Published