Your one-stop web resource providing safety and security information to manufacturers

A vulnerability in security software provider Trend Micro’s Control Manager can suffer exploitation to reveal sensitive information, according to Secunia.

Input passed via the “module” parameter to WebApp/widget/proxy_request.php (when “sid” is set to “undefined” and “serverid”, “SORTFIELD”, “SELECTION”, and “WID” are set) is not properly verified before being used to read files.

Apache Tomcat Security Vulnerability
Wireless Weakness Patched
Microsoft Security Center Site Breached
Microsoft Updates Rootkit Removal Plan

The end result could be a hacker could read arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 5.5 (Build 1250). Other versions may also suffer from the same vulnerability.

One solution is to apply hotfix 1470, or contact Trend Micro for details.

Cyber Security

Pin It on Pinterest

Share This