Trendmicro multiple bypass/evasions

2009.05.09
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

_______________________

UPDATE : Trendmicro RAR / CAB bypass evasion
_______________________

CHANGES to original advisory [TZO-172009] Trendmicro :
------------------------------------------------------

Status : RAR / CAB issue WILL be patched on June 17

Quoting vendor :
"This vulnerability is capable of allowing attackers to send RAR files with corrupted RAR headers through our gateway products, which bypass the compressed files without scanning them."

Comment:
This just goes to prove that publishing changes perception, as customers read, react and complain. (Trend previously denied patching). In other words, always publish even if the vendor denies patching.

In the name of all TrendMicro customers I would like to thank those customers that reacted and complained. Without publication there is no change, without those reacting to advisories there is neither.

Proves #2 and #5 at http://blog.zoller.lu/2009/04/dear-thierry-why-are-you-such-arrogant.html to be valid.

Regards,
Thierry Zoller

References:

http://seclists.org/fulldisclosure/2009/May/0075.html

