Current Description

Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before, and OfficeScan Corporate Edition (OSCE) 6.5 before, 7.0 before, and 7.3 before allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.

Basic Data

PublishedOctober 10, 2006
Last ModifiedMarch 08, 2011
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationTrend MicroOfficescan6.0*******
    2.3ApplicationTrend MicroOfficescancorporate_6.5*******
    2.3ApplicationTrend MicroOfficescancorporate_7.0*******
    2.3ApplicationTrend MicroOfficescancorporate_7.3*******

Vulnerable Software List

Trend Micro Officescan 6.0, corporate_6.5, corporate_7.0, corporate_7.3


22156 Advisory
20330 Advisory Advisory Advisory Advisory