Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2430

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2430
Last Modified 05 Sep 2008 04:44:07
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2430

Summary

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.

Vulnerable Systems

Application

  • Trend Micro Officescan 3.0

  • Trend Micro Officescan Corporate 3.11

  • Trend Micro Officescan Corporate 3.13

  • Trend Micro Officescan Corporate 3.5

  • Trend Micro Officescan Corporate 3.54

  • Trend Micro Officescan Corporate 5.02

  • Trend Micro Officescan Corporate 5.5

  • Trend Micro Officescan Corporate 5.58


References

XF - officescan-service-gain-privileges(16375)

OSVDB - 6840

CONFIRM - http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118

SECUNIA - 11806

BID - 10503

BUGTRAQ - 20040609 Trend Officescan local privilege escalation


Last Updated: 27 May 2016 10:39:28