Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep DiscoveryDeep Discovery InspectorDeep SecurityDeep Security as a ServiceEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor FileArmorMobile Armor KeyArmorMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectSafeSync for EnterpriseScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Hosted Mobile SecurityTrend Micro Mobile SecurityTrend Micro Portable SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerWeb App SecurityWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Solution ID Last Updated 1061043 Date : 2013/05/07 Time:7:53 AM , (PST) Product/Version Platform Control Manager - 5.0, 5.5, 6.0; Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise, 2003 Server R2, 2003 Standard, 2008 Enterprise, 2008 Enterprise 64-bit, 2008 Server R2, 2008 Standard, 2008 Standard 64-bit
Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep DiscoveryDeep Discovery InspectorDeep SecurityDeep Security as a ServiceEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor FileArmorMobile Armor KeyArmorMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectSafeSync for EnterpriseScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Hosted Mobile SecurityTrend Micro Mobile SecurityTrend Micro Portable SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerWeb App SecurityWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Solution ID Last Updated 1061043 Date : 2013/05/07 Time:7:53 AM , (PST) Product/Version Platform Control Manager - 5.0, 5.5, 6.0; Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise, 2003 Server R2, 2003 Standard, 2008 Enterprise, 2008 Enterprise 64-bit, 2008 Server R2, 2008 Standard, 2008 Standard 64-bit
Problem Description Trend Micro has been notified of a potential product vulnerability in TMCM. First reported by CERT, the report says that the vulnerbaility enables SQL injection attacks, allowing remote attackers to execute SQL commands to upload and execute arbitrary code that may harm the target system. Solution Trend Micro has confirmed that this is a product vulnerability and impacts TMCM 6.0 and other versions. Trend Micro filters user-supplied inputs to make sure all strings does not contain any damage commands before execution. Critical patches for this vulnerability are now available: TMCM 5.0 http://www.trendmicro.com/ftp/products/tmcm/tmcm_50_win_en_criticalpatch2189.exe TMCM 5.5 http://www.trendmicro.com/ftp/products/tmcm/tmcm_55_sp1_patch2_win_en_criticalpatch1823.exe TMCM 6.0 http://www.trendmicro.com/ftp/products/tmcm/tmcm_60_patch1_win_en_criticalpatch1449.exe
Problem Description Trend Micro has been notified of a potential product vulnerability in TMCM. First reported by CERT, the report says that the vulnerbaility enables SQL injection attacks, allowing remote attackers to execute SQL commands to upload and execute arbitrary code that may harm the target system. Solution Trend Micro has confirmed that this is a product vulnerability and impacts TMCM 6.0 and other versions. Trend Micro filters user-supplied inputs to make sure all strings does not contain any damage commands before execution. Critical patches for this vulnerability are now available: TMCM 5.0 http://www.trendmicro.com/ftp/products/tmcm/tmcm_50_win_en_criticalpatch2189.exe TMCM 5.5 http://www.trendmicro.com/ftp/products/tmcm/tmcm_55_sp1_patch2_win_en_criticalpatch1823.exe TMCM 6.0 http://www.trendmicro.com/ftp/products/tmcm/tmcm_60_patch1_win_en_criticalpatch1449.exe
Connect with us on
| | | |