CVE-2008-2439

Name of the Vulnerable Software and Affected Versions: Trend Micro OfficeScan 7.3 Patch 4 build 1367 through build 1371 Trend Micro OfficeScan 8.0 SP1 before build 1222 Trend Micro OfficeScan 8.0 SP1 Patch 1 before build 3087 Trend Micro Worry-Free Business Security 5.0 before build 1220

Description: The issue allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. This is due to a directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client.

Recommendations: For Trend Micro OfficeScan 7.3 Patch 4 build 1367 through build 1371, update to a version after build 1371. For Trend Micro OfficeScan 8.0 SP1 before build 1222, update to build 1222 or later. For Trend Micro OfficeScan 8.0 SP1 Patch 1 before build 3087, update to build 3087 or later. For Trend Micro Worry-Free Business Security 5.0 before build 1220, update to build 1220 or later.