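SNS Advisory No.38
Trend Micro Virus Buster (Ver.3.5x) Remote File Disclosure With IUSER
Privilege Vulnerability
Problem first discovered: Wed, 18 Jul 2001
Published: Mon, 20 Aug 2001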
Overview:
Trend Micro Virus Buster (a.k.a. Officescan Corporate Edition) contains
a vulnerability which allows an attacker to read arbitrary files with
IUSER privilege.
Problem Description:
Trend Micro Virus Buster is antivirus software for enterprise use.
It provides central virus reporting, automatic virus pattern updates,
and a Web-based remote management console. The vulnerability lies in
cgiWebupdate.exe, one of the CGI programs used for remote management.
It can allow remote users to read arbitrary files with IUSER privilege.
"Virus Buster Corporate Edition" is provided only as a Japanese version;
the English version is known as "Officescan Corporate Edition". We are
still working with Trend Micro on this problem in "Officescan
Corporate Edition" and will publish that issue as soon as possible.
Tested Version:
Trend Micro Virus Buster Corporate Edition Version 3.52
Trend Micro Virus Buster Corporate Edition Version 3.53
Trend Micro Virus Buster Corporate Edition Version 3.54
Tested OS:
Windows 2000 Server [Japanese]
Patch Information:
The patch is available from the following site:
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=3086
Discovered by:
Nobuo Miwa (LAC / n-miwa@lac.co.jp)
Disclaimer:
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co., Ltd. is not responsible for any risks of occurrences
caused by applying those information.
References
Archive of this advisory (in preparation now):
http://www.lac.co.jp/security/english/snsadv_e/38_e.html
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/