Trend Micro OfficeScan modify configuration
| officescan-configuration-modify (16092) |  Medium Risk |
Description:
The installation directory and the HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp registry entry in OfficeScan are installed with Everyone/Full Control permissions by default. A local attacker could use this vulnerability to delete or modify registry keys, which could disable the antivirus service.
Platforms Affected:
- Trend Micro, OfficeScan prior to 6.5
Remedy:
Upgrade to the latest version of OfficeScan (6.5 or later), when it becomes available from the Trend Micro, Inc. Web site. See References.
— OR —
Apply the OSCE_Hotfix_RegistryTool patch, which will remedy the weak permssions on the registry key, available from the Trend Micro, Inc. Web site. See References.
Consequences:
Configuration
References:
- BugTraq Mailing List, Fri May 07 2004 - 00:33:43 CDT, Security issue with Trend OfficeScan Corporate Edition at http://archives.neohapsis.com/archives/bugtraq/2004-05/0052.html.
- Trend Micro Web site, Trend Micro Enterprise Homepage at http://www.trendmicro.com/en/home/us/enterprise.htm.
- BID-10300: Trend Micro OfficeScan Weak Default Permissions Vulnerabilities
- CVE-2004-2006: Trend Micro OfficeScan 3.0 - 6.0 has default permissions of Everyone Full Control on the installation directory and registry keys, which allows local users to disable virus protection.
- OSVDB ID: 5990: Trend Micro OfficeScan Inappropriate Default Permissions
- SA11576: Trend Micro OfficeScan Insecure Registry Key and Directory Permissions
Reported:
May 07, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net