CVE-2006-5212

Current Description

Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.

Basic Data

PublishedOctober 10, 2006
Last ModifiedMarch 08, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationTrend MicroOfficescan6.0*******
    2.3ApplicationTrend MicroOfficescancorporate_6.5*******
    2.3ApplicationTrend MicroOfficescancorporate_7.0*******
    2.3ApplicationTrend MicroOfficescancorporate_7.3*******

Vulnerable Software List

VendorProductVersions
Trend Micro Officescan 6.0, corporate_6.5, corporate_7.0, corporate_7.3

References

NameSourceURLTags
22156http://secunia.com/advisories/22156SECUNIAVendor Advisory
20330http://www.securityfocus.com/bid/20330BID
http://www.trendmicro.com/download/product.asp?productid=5http://www.trendmicro.com/download/product.asp?productid=5CONFIRMPatch
http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readmeCONFIRMVendor Advisory
http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txtCONFIRMVendor Advisory
http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txtCONFIRMVendor Advisory
http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txthttp://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txtCONFIRMVendor Advisory
ADV-2006-3882http://www.vupen.com/english/advisories/2006/3882VUPEN