Trend Micro OfficeScan是一款企业级的网络防毒墙解决方案。 Trend Micro OfficeScan存在验证绕过问题,远程攻击者可以利用漏洞未授权登录管理接口并更改应用程序设置。 OfficeScan安装包含的WEB管理接口允许管理员配置应用程序和反病毒客户端管理。WEB接口由cgiChkMasterPwd.exe处理,传递由ActiveX控件生成的HASH和密码的加密版本。如果cgiChkMasterPwd.exe发送一个空的加密字符串和空的HASH,它会发送客户端一个合法会话ID用于访问WEB管理控制台。 Trend Micro OfficeScan Corporate Edition 7.0 Trend Micro OfficeScan Corporate Edition 6.5 Trend Micro OfficeScan Corporate Edition 8.0 Trend Micro OfficeScan Corporate Edition 7.3 Trend Micro OfficeScan Corporate Edition 6.0 Trend Micro Client Server Messaging Security for SMB 3.6 Trend Micro Client Server Messaging Security for SMB 3.5 Trend Micro Client Server Messaging Security for SMB 3.0 Trend Micro OfficeScan Corporate Edition 6.0 * Trend Micro csm_20_osce_60_win_en_securitypatch_b1398.exe <a href="http://www.trendmicro.com/ftp/products/patches/csm_20_osce_60_win_en_s" target="_blank">http://www.trendmicro.com/ftp/products/patches/csm_20_osce_60_win_en_s</a> ecuritypatch_b1398.exe Trend Micro OfficeScan...
Trend Micro OfficeScan是一款企业级的网络防毒墙解决方案。 Trend Micro OfficeScan存在验证绕过问题,远程攻击者可以利用漏洞未授权登录管理接口并更改应用程序设置。 OfficeScan安装包含的WEB管理接口允许管理员配置应用程序和反病毒客户端管理。WEB接口由cgiChkMasterPwd.exe处理,传递由ActiveX控件生成的HASH和密码的加密版本。如果cgiChkMasterPwd.exe发送一个空的加密字符串和空的HASH,它会发送客户端一个合法会话ID用于访问WEB管理控制台。 Trend Micro OfficeScan Corporate Edition 7.0 Trend Micro OfficeScan Corporate Edition 6.5 Trend Micro OfficeScan Corporate Edition 8.0 Trend Micro OfficeScan Corporate Edition 7.3 Trend Micro OfficeScan Corporate Edition 6.0 Trend Micro Client Server Messaging Security for SMB 3.6 Trend Micro Client Server Messaging Security for SMB 3.5 Trend Micro Client Server Messaging Security for SMB 3.0 Trend Micro OfficeScan Corporate Edition 6.0 * Trend Micro csm_20_osce_60_win_en_securitypatch_b1398.exe <a href="http://www.trendmicro.com/ftp/products/patches/csm_20_osce_60_win_en_s" target="_blank">http://www.trendmicro.com/ftp/products/patches/csm_20_osce_60_win_en_s</a> ecuritypatch_b1398.exe Trend Micro OfficeScan Corporate Edition 7.3 * Trend Micro osce_73_win_en_securitypatch_b1293.exe <a href="http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_security" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_73_win_en_security</a> patch_b1293.exe Trend Micro Client Server Messaging Security for SMB 3.5 * Trend Micro csm_35_osce_75_win_en_securitypatch_b1152.exe <a href="http://www.trendmicro.com/ftp/products/patches/csm_35_osce_75_win_en_s" target="_blank">http://www.trendmicro.com/ftp/products/patches/csm_35_osce_75_win_en_s</a> ecuritypatch_b1152.exe * Trend Micro csm_36_osce_76_win_en_securitypatch_b1149.exe <a href="http://www.trendmicro.com/ftp/products/patches/csm_36_osce_76_win_en_s" target="_blank">http://www.trendmicro.com/ftp/products/patches/csm_36_osce_76_win_en_s</a> ecuritypatch_b1149.exe Trend Micro Client Server Messaging Security for SMB 3.0 * Trend Micro csm_30_osce_72_win_en_securitypatch_b1209.exe <a href="http://www.trendmicro.com/ftp/products/patches/csm_30_osce_72_win_en_s" target="_blank">http://www.trendmicro.com/ftp/products/patches/csm_30_osce_72_win_en_s</a> ecuritypatch_b1209.exe Trend Micro OfficeScan Corporate Edition 8.0 * Trend Micro osce_80_win_en_securitypatch-b1042.exe <a href="http://www.trendmicro.com/ftp/products/patches/osce_80_win_en_security" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_80_win_en_security</a> patch-b1042.exe Trend Micro OfficeScan Corporate Edition 6.5 * Trend Micro osce_65_win_en_securitypatch_b1458.exe <a href="http://www.trendmicro.com/ftp/products/patches/osce_65_win_en_security" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_65_win_en_security</a> patch_b1458.exe Trend Micro OfficeScan Corporate Edition 7.0 * Trend Micro osce_70_win_en_securitypatch_b1364.exe <a href="http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_security" target="_blank">http://www.trendmicro.com/ftp/products/patches/osce_70_win_en_security</a> patch_b1364.exe
