Thứ Bảy, 23 tháng 11, 2013

Trend Micro InterScan Messaging Multiple Vulnerabilities

Date Disclosed:
9/13/2012

Date Patched:
Patch not available.

Vendor:
Trend Micro
Affected Software:
Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394
Description:

InterScan Messaging Security Suite is vulnerable to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability. These could be used by an attacker to execute an arbitrary script in the context of a logged in user.
Severity:
Moderate
Code Execution:
Yes: arbitrary scripts can be executed.
Impact:

Arbitrary script execution
Attackers that successfully exploit this vulnerability will be able to execute scripts within the context of a currently logged in user. This could be used by attackers to perform unauthorized actions on behalf of target users.
Mitigation:
No mitigation is currently available.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 17182 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day)
  • 17183 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day) - x64
Links:

Status:
2012-09-13: Original Disclosure

Không có nhận xét nào:

Đăng nhận xét