CVE-2004-2430
Description
Local users can gain SYSTEM privileges in Trend OfficeScan 5.58 via a help window that does not drop privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can gain SYSTEM privileges in Trend OfficeScan 5.58 via a help window that does not drop privileges.
Vulnerability
Trend OfficeScan Corporate Edition version 5.58 and possibly earlier versions do not drop privileges when opening a help window from a virus detection pop-up window. This flaw exists in the privilege handling of the help functionality triggered during virus alerts. [1]
Exploitation
An attacker must have local access to the system. By triggering a virus detection pop-up (e.g., by placing a test file that is detected) and then opening the help window from that pop-up, the help window runs with elevated privileges. No additional authentication or user interaction beyond the pop-up is required. [1]
Impact
Successful exploitation allows a local user to gain SYSTEM privileges, leading to full control of the affected system. This includes the ability to execute arbitrary code, install programs, and access all data. [1]
Mitigation
Trend Micro has not publicly disclosed a fix in the available references. Users should consider upgrading to a later version of OfficeScan that addresses privilege handling. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. [1][2]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*+ 7 more
- cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/11806nvdPatchVendor Advisory
- uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.phpnvdPatch
- www.osvdb.org/6840nvdPatch
- archives.neohapsis.com/archives/bugtraq/2004-06/0117.htmlnvdVendor Advisory
- www.securityfocus.com/bid/10503nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16375nvd
News mentions
0No linked articles in our index yet.