CVE-2004-2430
First published: Fri Dec 31 2004(Updated: )
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro OfficeScan Corporate Edition | =3.0 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_3.5 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_3.11 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_3.13 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_3.54 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_5.02 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_5.5 | |
| Trend Micro OfficeScan Corporate Edition | =corporate_5.58 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html
- http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118
- http://www.securityfocus.com/bid/10503
- http://www.osvdb.org/6840
- http://secunia.com/advisories/11806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16375
Frequently Asked Questions
What is the severity of CVE-2004-2430?
CVE-2004-2430 is classified as a critical vulnerability due to its potential to allow local users to gain SYSTEM privileges.
How do I fix CVE-2004-2430?
To fix CVE-2004-2430, users should upgrade to a patched version of Trend OfficeScan Enterprise Edition that addresses this privilege escalation issue.
What is the impact of CVE-2004-2430 on affected systems?
The impact of CVE-2004-2430 is that local users on affected systems can elevate their privileges to SYSTEM level, compromising system security.
Which versions of Trend OfficeScan are affected by CVE-2004-2430?
CVE-2004-2430 affects multiple versions of Trend OfficeScan, including corporate editions 3.0, 3.11, 3.5, 3.54, 5.02, 5.5, and 5.58.
Is CVE-2004-2430 a local or remote vulnerability?
CVE-2004-2430 is a local vulnerability, as it requires local access to the system for exploitation.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/trend micro
- canonical/trend micro officescan corporate edition
- version/trend micro officescan corporate edition/3.0
- version/trend micro officescan corporate edition/corporate_3.5
- version/trend micro officescan corporate edition/corporate_3.11
- version/trend micro officescan corporate edition/corporate_3.13
- version/trend micro officescan corporate edition/corporate_3.54
- version/trend micro officescan corporate edition/corporate_5.02
- version/trend micro officescan corporate edition/corporate_5.5
- version/trend micro officescan corporate edition/corporate_5.58