|CVSS SCORE||10.0, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
Connected Backup 8.4
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 11234. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the Agent service, which listens by default on TCP port 16388. When handling a request containing opcode 13, the Java process instantiates a class called LaunchCompoundFileAnalyzer. This class passes user-controlled data directly to Runtime.getRuntime().exec(). This can be abused to execute code remotely in the agent process, under the context of the user running the software.
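The pattern described above (request data handed straight to a process-launch call) next to a hardened form, as an added example that is not the product's code. The class name, paths and file-name policy are hypothetical, and the sample inputs are constructed.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class AnalyzerLaunchExample {
    // Hypothetical locations, chosen for illustration only.
    private static final Path ANALYZER = Paths.get("/opt/example/bin/analyzer");
    private static final Path DATA_ROOT = Paths.get("/var/lib/example/data");
    // Plain file names only: no separators, whitespace or shell metacharacters.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,128}");

    // Unsafe: whatever the peer sent becomes the command line.
    static Process launchUnsafe(String requestField) throws IOException {
        return Runtime.getRuntime().exec(requestField);
    }

    // Hardened: fixed executable, request data confined to one validated argument.
    static List<String> buildArgv(String requestField) {
        if (requestField == null || !SAFE_NAME.matcher(requestField).matches()) {
            throw new IllegalArgumentException("file name not allowed");
        }
        Path target = DATA_ROOT.resolve(requestField).normalize();
        // ".." passes the name pattern, so containment is checked separately.
        if (!target.startsWith(DATA_ROOT) || target.equals(DATA_ROOT)) {
            throw new IllegalArgumentException("path escapes data root");
        }
        return Arrays.asList(ANALYZER.toString(), target.toString());
    }

    static Process launchSafe(String requestField) throws IOException {
        // Each list element is passed as one argument, with no tokenizing or shell parsing.
        return new ProcessBuilder(buildArgv(requestField)).redirectErrorStream(true).start();
    }

    public static void main(String[] args) {
        // Constructed request values; only the first should be accepted.
        String[] samples = {"backup-0001.cfb", "..", "../other/file", "name with spaces", "a.cfb;b"};
        for (String s : samples) {
            try {
                System.out.println("accepted -> " + buildArgv(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected (" + e.getMessage() + "): " + s);
            }
        }
    }
}
```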
Customers were notified and updates were released on 5/9/2011.