ID
VAR-E-201305-0007
TITLE
Trend Micro DirectPass 'InstallWorkspace.exe' Local Command Injection Vulnerability
Trust: 0.3
DESCRIPTION
Trend Micro DirectPass is prone to a local command-injection vulnerability.
A local attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Successful exploits may compromise the affected application.
Trend Micro DirectPass 1.5.0.1060 is vulnerable; others versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | trend micro | model: | directpass | scope: | eq | version: | 1.5.0.1060 | Trust: 0.3 |
| vendor: | trend micro | model: | directpass | scope: | ne | version: | 1.6 | Trust: 0.3 |
EXPLOIT
The following example code is available:
B%20>">../;'[COMMAND|PATH INJECT!]>
Example Path: C:\Users\BKM\TrendMicro DirectPass
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Benjamin Kunz Mejri
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 60023 | Trust: 0.3 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2013/may/112 | Trust: 0.3 |
| url: | http://www.trendmicro.com/us/home/products/directpass/index.html | Trust: 0.3 |
| url: | http://esupport.trendmicro.com/solution/en-us/1096805.aspx | Trust: 0.3 |
SOURCES
| db: | BID | id: | 60023 |
LAST UPDATE DATE
2022-07-27T09:30:14.646000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 60023 | date: | 2013-05-15T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 60023 | date: | 2013-05-15T00:00:00 |