Trendmicro multiple bypass/evasions

2009.05.09

Credit: Thierry Zoller

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

_______________________
UPDATE : Trendmicro RAR / CAB bypass evasion
_______________________
CHANGES to original advisory [TZO-172009] Trendmicro :
------------------------------------------------------
Status : RAR / CAB issue WILL be patched on June 17
Quoting vendor :
"This vulnerability is capable of allowing attackers to send RAR files
with corrupted RAR headers through our gateway products, which bypass
the compressed files without scanning them."
Comment:
This just goes to proove that publishing changes perception, as
customers read, react and complain. (Trend previously denied
patching). In other words, always publish even if the vendor denies
patching.
In the name of all TrendMicro customers I would like to thank those
customers that reacted and complained. Wihtout publication there is no
change, without those reacting to advisories there is neither.
Prooves #2 and #5 at http://blog.zoller.lu/2009/04/dear-thierry-why-are-you-such-arrogant.html
to be valid.
Regards,
Thierry Zoller

References:

http://seclists.org/fulldisclosure/2009/May/0075.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Trendmicro multiple bypass/evasions

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.