CVE-2006-5212 in OfficeScan
Summary
by MITRE
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/24/2026
The vulnerability described in CVE-2006-5212 represents a critical directory traversal and file deletion flaw within Trend Micro OfficeScan CSM Suite and OfficeScan Corporate Edition products. This issue affects multiple versions of the OfficeScan software including the SMB 2.0 suite before 6.0.0.1385 and various corporate editions with specific version thresholds. The vulnerability stems from insufficient input validation within the OfficeScan CGI program that processes HTTP requests, allowing remote attackers to manipulate filename parameters and execute unauthorized file deletion operations.
The technical exploitation of this vulnerability occurs through carefully crafted HTTP requests that modify filename parameters passed to the OfficeScan CGI component. When the system processes these modified parameters without proper sanitization or validation, it fails to restrict access to arbitrary file paths, enabling attackers to traverse directories and delete files that should remain protected. This represents a classic directory traversal attack vector that leverages weak input validation controls within the web application layer of the security solution itself.
The operational impact of this vulnerability extends beyond simple file deletion, as it fundamentally compromises the integrity and availability of the OfficeScan deployment. Attackers can potentially target critical system files, configuration data, or even the OfficeScan executable itself, leading to complete service disruption or complete compromise of the security infrastructure. The vulnerability affects organizations using these specific versions of OfficeScan, particularly those running the software in enterprise environments where it serves as a primary security control for endpoint protection.
From a cybersecurity perspective, this vulnerability aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory, commonly known as path traversal. The flaw also maps to ATT&CK technique T1059.007 for command and scripting interpreter, as exploitation may involve manipulating the web server to execute commands through the vulnerable CGI interface. Organizations should implement immediate mitigations including applying the vendor patches released for versions 6.0.0.1385, 6.5.0.1418, 7.0.0.1257, and 7.3.0.1053 respectively, as well as implementing network segmentation and access controls to limit exposure of the vulnerable web interfaces.
The broader implications of this vulnerability highlight the critical importance of input validation in web applications, particularly within security tools that are designed to protect against such attacks. Organizations should conduct comprehensive vulnerability assessments of their security infrastructure and ensure proper patch management procedures are in place to address similar issues in other components of their security ecosystem. Additionally, implementing web application firewalls and monitoring for unusual file deletion patterns can help detect exploitation attempts and provide additional layers of defense against this class of vulnerability.