Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1380

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1380
Last Modified 24 Jan 2013 12:00:00
Published 24 Mar 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1380

Summary

ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.

Vulnerable Systems

Application

  • Trend Micro Interscan Messaging Security Suite 5.5 Build 1183

  • Trendmicro Interscan Messaging Security Suite 5.5


References

SECUNIA - 19022

VUPEN - ADV-2006-1041

MISC - http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english

XF - imss-isntsmtp-directory-permissions(25415)


Last Updated: 27 May 2016 11:01:42