The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Trend Micro InterScan Messaging Security Suite

computer vulnerability note CVE-2016-4914 CVE-2016-4915 CVE-2016-4916

Trend Micro InterScan Messaging Security Virtual Appliance: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/10/2016.
Identifiers: 1114746, 2016-0118, 2016-0159, 201X-0007, CVE-2016-4914, CVE-2016-4915, CVE-2016-4916, VIGILANCE-VUL-20799.

Description of the vulnerability

Several vulnerabilities were announced in Trend Micro InterScan Messaging Security Virtual Appliance.

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2016-4914]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-4915]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-4916]

vulnerability note CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.

computer vulnerability announce CVE-2014-3922

Trend Micro InterScan Messaging Security Virtual Appliance: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/05/2014.
Identifiers: CVE-2014-3922, VIGILANCE-VUL-14817.

Description of the vulnerability

The Trend Micro InterScan Messaging Security Virtual Appliance product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Trend Micro InterScan Messaging Security Virtual Appliance, in order to execute JavaScript code in the context of the web site.

vulnerability alert CVE-2012-2995 CVE-2012-2996

Trend Micro InterScan Messaging Security Suite: two vulnerabilities

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/09/2012.
Identifiers: BID-55542, CERTA-2012-AVI-515, CVE-2012-2995, CVE-2012-2996, VIGILANCE-VUL-11951, VU#471364.

Description of the vulnerability

Two vulnerabilities were announced in Trend Micro InterScan Messaging Security Suite.

The addRuleAttrWrsApproveUrl.imss and initUpdSchPage.imss pages do not filter their parameters before injecting them into the generated HTML code. [severity:2/4; CVE-2012-2995]

The saveAccountSubTab.imss form does not check the origin of queries before accepting them. [severity:2/4; CVE-2012-2996]

An attacker can therefore generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.

vulnerability bulletin 8683

Trend Micro: bypassing via RAR, CAB and ZIP

Synthesis of the vulnerability

An attacker can create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Impacted products: TrendMicro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, TrendMicro ServerProtect.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Identifiers: BID-34763, TZO-17-2009, VIGILANCE-VUL-8683.

Description of the vulnerability

Trend Micro products detect viruses contained in RAR, CAB and ZIP archives.

However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Unzip tools, but which cannot be opened by the antivirus.

Depending on the Trend Micro product, these archives are handled in three ways:

OfficeScan and ServerProtect are vulnerable when Unrar/Unzip extracts the file on the desktop computer. These products are thus vulnerable when installed on a scan server. [severity:2/4]

InterScan Web Security Suite and InterScan Messaging Security quarantine the file by default. These products are vulnerable if the administrator changed the default configuration. [severity:2/4]

ScanMail does not indicate that the unscanned archive potentially contains a virus. This product is vulnerable in its default configuration. [severity:2/4]

An attacker can therefore create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.

computer vulnerability CVE-2007-4277

Trend Micro AntiVirus scan engine: buffer overflow in Tmxpflt.sys

Synthesis of the vulnerability

A local attacker can run code on the system by exploiting a buffer overflow in the Trend Micro AntiVirus scan engine.
Impacted products: TrendMicro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, TrendMicro ServerProtect.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 26/10/2007.
Identifiers: 1036190, CERTA-2007-AVI-456, CVE-2007-4277, VIGILANCE-VUL-7285.

Description of the vulnerability

Trend Micro products use a virus detection system named Trend Micro AntiVirus scan engine. This engine uses a filter defined by the Tmfilter.sys module under Windows.

Permissions on this module give write access to all users, and the data passed as parameters to IOCTL 0xa0284403 is not checked. A local attacker can thus exploit this module in order to trigger a buffer overflow in the Trend Micro AntiVirus scan engine.

A local attacker can thus run code with SYSTEM rights on the machine.