BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Trend Micro InterScan Messaging Multiple Vulnerabilities

Disclosed September 13, 2012    No Patch Available

Vulnerability Description:

InterScan Messaging Security Suite is vulnerable to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability. These could be used by an attacker to execute an arbitrary script in the context of a logged in user.

Vendors:

Trend Micro

Vulnerable Software/Devices:

Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Cross-Site Request Forgery, Cross-Site Scripting
Attackers that successfully exploit this vulnerability will be able to execute scripts within the context of a currently logged in user. This could be used by attackers to perform unauthorized actions on behalf of target users.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 17182 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day)
  • 17183 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day) - x64

Mitigation:

No mitigation is currently available.

Links:

CVE(s):