CVE-2008-2439 — Path Traversal in Micro Officescan

CWE-22 — Path Traversal3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

44.6%

top 2.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan Trend Micro Worry Free Business Security

Timeline

PublishedOct 3

Latest updateMay 1

Description

Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third…

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDtrend_micro/worry_free_business_security5.0

▶NVDtrend_micro/officescan7.3, 8.0+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cc4-g986-cx7v: Directory traversal vulnerability in the UpdateAgent function in TmListen↗2022-05-01

▶

CVEList

CVE-2008-2439: Directory traversal vulnerability in the UpdateAgent function in TmListen↗2008-10-03

▶