Vulnerabilities > CVE-2001-1150 - Unspecified vulnerability in Trend Micro Officescan and Virus Buster

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

trend-micro

nessus

NVD

Published: 2001-08-22

Updated: 2024-11-20

Summary

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.

Vulnerable Configurations

Part	Description	Count
Application	Trend_Micro Trend Micro Virus Buster Corporate_3.52 Trend Micro Virus Buster Corporate_3.53 Trend Micro Virus Buster Corporate_3.54 Trend Micro Officescan Corporate_3.5 Trend Micro Officescan Corporate_3.54	5

Nessus

NASL family	CGI abuses
NASL id	CGIWEBUPDATE.NASL
description	The CGI
last seen	2020-06-01
modified	2020-06-02
plugin id	11722
published	2003-06-11
reporter	This script is Copyright (C) 2003-2018 John Lampe
source	https://www.tenable.com/plugins/nessus/11722
title	Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval
code	# # This script was written by John [email protected] # # See the Nessus Scripts License for details # include("compat.inc"); if (description) { script_id(11722); script_version("1.23"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2001-1150"); script_bugtraq_id(3216); script_name(english:"Trend Micro Virus Buster cgiWebupdate.exe Arbitrary File Retrieval"); script_summary(english:"Checks for the cgiWebupdate.exe file"); script_set_attribute(attribute:"synopsis", value: "The remote web server is hosting a CGI application that is affected by an information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The CGI 'cgiWebupdate.exe' exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can use this hole to gain access to confidential data or escalate their privileges on the web server. * Note that Nessus solely relied on the existence of the * cgiWebupdate.exe file."); script_set_attribute(attribute:"solution", value:"Trend Micro has released a patch that addresses this issue."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2020 John Lampe"); script_family(english:"CGI abuses"); script_dependencie("find_service1.nasl", "http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:80, embedded:TRUE); if(!get_port_state(port))exit(0); flag = 0; directory = ""; foreach dir (cgi_dirs()) { if(is_cgi_installed_ka(item:string(dir, "/cgiWebupdate.exe"), port:port)) { security_warning(port); exit(0); } }

Summary

Vulnerable Configurations

Nessus

References