November 9, 2001

MS bug of the day: OfficeScan, Virus Buster have vulnerabilities

Author: JT Smith

MSNBC: "Version 3.53 of both Trend Micro OfficeScan Corporate Edition and Trend Micro Virus Buster
Corporate Edition has a vulnerability in the Web-based management interface provided for client
management. The management console creates an /officescan/hotdownload directory, which can be
accessed without authentication. The configuration file ofcscan.ini contained in this directory can be
accessed by hackers, allowing them to view the password and crack it offline."
Click Here!