The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TrendMicro InterScan Messaging Security Suite

vulnerability alert CVE-2012-2995 CVE-2012-2996

Trend Micro InterScan Messaging Security Suite: two vulnerabilities

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Creation date: 14/09/2012.
Identifiers: BID-55542, CERTA-2012-AVI-515, CVE-2012-2995, CVE-2012-2996, VIGILANCE-VUL-11951, VU#471364.

Description of the vulnerability

Two vulnerabilities were announced in Trend Micro InterScan Messaging Security Suite.

The addRuleAttrWrsApproveUrl.imss and initUpdSchPage.imss pages do not filter their parameters, before injecting them in the generated HTML code. [severity:2/4; CVE-2012-2995]

The saveAccountSubTab.imss form does not check the origin of queries, before accepting them. [severity:2/4; CVE-2012-2996]

An attacker can therefore generate a Cross Site Scripting and a Cross Site Request Forgery in Trend Micro InterScan Messaging Security Suite, in order to execute actions with privileges of the authenticated user.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 8683

Trend Micro: bypassing via RAR, CAB and ZIP

Synthesis of the vulnerability

An attacker can create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Impacted products: TrendMicro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, TrendMicro ServerProtect.
Severity: 2/4.
Creation date: 30/04/2009.
Identifiers: BID-34763, TZO-17-2009, VIGILANCE-VUL-8683.

Description of the vulnerability

Trend Micro products detect viruses contained in RAR, CAB and ZIP archives.

However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Unzip tools, but which cannot be opened by the antivirus.

Depending on Trend Micro product, these archives are handled in three ways:

OfficeScan and ServerProtect are vulnerable when Unrar/Unzip extracts the file on the desktop computer. These products are thus vulnerable when installed on a scan server. [severity:2/4]

InterScan Web Security Suite and InterScan Messaging Security quarantine the file by default. These products are vulnerable if the administrator changed the default configuration. [severity:2/4]

ScanMail does not indicate that the unscanned archive potentially contains a virus. This product is vulnerable in its default configuration. [severity:2/4]

An attacker can therefore create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2007-4277

Trend Micro AntiVirus scan engine: buffer overflow in Tmxpflt.sys

Synthesis of the vulnerability

A local attacker can run code on the system by exploiting a buffer overflow of Trend Micro AntiVirus scan engine.
Impacted products: TrendMicro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, TrendMicro ServerProtect.
Severity: 2/4.
Creation date: 26/10/2007.
Identifiers: 1036190, CERTA-2007-AVI-456, CVE-2007-4277, VIGILANCE-VUL-7285.

Description of the vulnerability

Trend Micro products use a virus detection system named Trend Micro AntiVirus scan engine. This engine use filter defined by the Tmfilter.sys module under Windows.

Permissions on this module give writing rights for all users, and no control on data passed in parameter in the IOCTL 0xa0284403 are done. A local attacker can thus exploit this module in order to create a buffer overflow in Trend Micro AntiVirus scan engine.

A local attacker can thus run code on the system with SYSTEM rights on the machine.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TrendMicro InterScan Messaging Security Suite: