Trend Micro OfficeScan Inappropriate Default Permissions

2004-05-10T05:09:31
ID OSVDB:5990
Type osvdb
Reporter Matt(matt_will_fix_it@hotmail.com)
Modified 2004-05-10T05:09:31

Description

Vulnerability Description

TrendMicro OfficeScan Corporate Edition (OSCE) contains a flaw that may allow a malicious local user to alter or disable anti-virus protection, due to insufficient permissions assigned the application's installation directory, files, and registry keys upon installation.

Technical Description

It is important to note a virus, worm, or trojan running under the credentials of the logged on user could also leverage these weak permissions to disable or modify the local anti-virus service as part of its payload.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to completely correct this issue. It is reported the vendor has supplied a patch to resellers, "OSCE_Hotfix_RegistryTool.zip," which modifies the registry permissions, but the file permission issues remain unaddressed by the vendor.

Short Description

TrendMicro OfficeScan Corporate Edition (OSCE) contains a flaw that may allow a malicious local user to alter or disable anti-virus protection, due to insufficient permissions assigned the application's installation directory, files, and registry keys upon installation.

References:

Vendor URL: http://www.trendmicro.com/download/product.asp?productid=5 Security Tracker: 1010093 Secunia Advisory ID:11576 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108395366909344&w=2 ISS X-Force ID: 16092 FrSIRT Advisory: ADV-2006-1041 CVE-2006-1381 Bugtraq ID: 10300