The specific flaw exists within ProductTree_Table.aspx. This page exhibits an XML external entity injection vulnerability. An attacker can leverage this vulnerability to disclose sensitive information under the context of NETWORKSERVICE.
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
|Steven Seeley of Source Incite