Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

SECURITY BULLETIN: Trend Micro OfficeScan Path Traversal Vulnerability

    • Updated:
    • 24 Nov 2016
    • Product/Version:
    • OfficeScan 11.0
    • OfficeScan 11.0
    • Platform:
    • Windows 10 32-bit
    • Windows 10 64-bit
    • Windows 2003 Datacenter 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Server R2
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Enterprise R2
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Essentials
    • Windows 2012 Standard
    • Windows 2012 Standard R2

Release Date: May 16, 2016
Trend Micro Vulnerability Identifier: 2016-0116 (OSCE)
Impact Level: Low
Platform(s): Microsoft Windows

Trend Micro has released an update for OfficeScan (OSCE) 11.0 Service Pack 1 (SP1) which resolves a vulnerability in the product that when certain conditions are met could be exploited to access files and directories located outside of the core product web root folder.


Affected Version(s)

ProductAffected VersionPlatformLanguage
OfficeScan11.0 SP1 (Build 4885 and below)WindowsEnglish

Not Affected Version(s)

ProductNot Affected VersionPlatformLanguage(s)
OfficeScan10.6 (Reaching End-of-Support on June 30, 2016)WindowsEnglish


Trend Micro has categorized this update with the following impact level and different options to address the issue:

ProductUpdated VersionPlatformImpact LevelAvailability
OfficeScan11.0 SP1 Critical Patch 6054WindowsLowMay 30, 2016

The critical patch mentioned above is actually a combination of the solution for this vulnerability and some updated features and functionality to help OfficeScan users protect against ransomware. It also supersedes the standalone Hot Fix Build 4889 that was previously available in this article.

Vulnerability Details

This update resolves a vulnerability in Trend Micro OfficeScan 11.0 SP1 in which an attacker who has already compromised the security environment of the local OfficeScan server may be able to manipulate certain variables to obtain access to other files and directories outside of the core OfficeScan web root folder.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.

Mitigating Factors

Please note that the OfficeScan server port needed for a specifically crafted attack required to exploit this vulnerability is not publicly broadcast and is only visible to internal user requests. Furthermore, for an attack of this nature to be attempted, the OfficeScan server’s own security agent protection would have to have been previously compromised due to the requirement of a malicious file needing to be placed on the OfficeScan server.

However, even though the exploit may require several specific conditions to be met, Trend Micro strongly encourages OfficeScan customers to update to the latest patches (as outlined above) as soon as possible.


Trend Micro would like to thank Tavis Ormandy of Google Project Zero for responsibly disclosing a similar issue on another product leading to this discovery and working with Trend Micro to help protect our customers.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.