Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: TrendMicro (not Macro) Interscan Viruswall Directory Traversal
From: "Tri Huynh" <trihuynh () zeeup com>
Date: Wed, 24 Mar 2004 19:30:31 -0800

Hi,

I just take a look at my recent advisory and I find out that
I have made a typing mistake due to my terrible copy and
paste skill (I know, It happend before). I am sorry for the
confusion I have made. The vendor name is TrendMicro, not
TrendMacro (an investor company). Thank all the people
contacting me about my mistyping. Beer is the one to blame.

To Brain Keefer, I mistyped the word TrendMicro because
it was a copy and paste problem, once you mistype a word
and then copy and paste your mistyped word all over the place. However,
I think i am good enough to know what is a domain and what
is a bounced back email once I send to a wrong address.
And especially, when I first contacted TrendMicro, I know
how to go to the website and I can recognize if i
am in the right website or not since TrendMicro is
not a strange start-up company. I hope if you give out
comments next time, please low down your tone since
it may make some people feel offensive (Even if that is their fault).
Your CISSP title rocks !

Speaking of TrendMicro Interscan, I believe that there are still
many trivial problems in the product that needed to be addressed
like Telewindow Javascript allows attacker to hijack, steal
information at the user browser, and of course XSS is all over
the place. I will contact TrendMicro again (They haven't responsed
the last time) to report them about these problems before
releasing  detail advisories.

Regards,

Trihuynh

----- Original Message ----- 
From: "Brian Keefer" <chort () amaunetsgothique com>
To: "Tri Huynh" <trihuynh () zeeup com>
Cc: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>;
<PenetrationTesting () yahoogroups com>; <vnsec () sentryunion com>;
<bugs () securitytracker com>; <news () securiteam com>; <vuln () secunia com>
Sent: Wednesday, March 24, 2004 2:22 PM
Subject: Re: TrendMacro Interscan Viruswall Directory Traversal


On Wed, 2004-03-24 at 07:11, Tri Huynh wrote:
   TrendMacro Interscan Viruswall Directory Traversal
   =================================================

   PROGRAM: TrendMacro Interscan Viruswall
   HOMEPAGE: http://www.trendmicro.com
   VULNERABLE VERSIONS: - 3.5x (Windows)
                                                  - Unix/Solaris
version is
not tested but possibly
                                                     vulnerable

"TrendMacro" does not make anti-virus products.  Did you try visiting
their website (www.trendmacro.com)?  The only place you got their domain
right was in the HOMEPAGE: section.  Everywhere else in your "advisory"
you misspelled the name of the company/domain.

  Update: The technical support email  virus_doctor () trendmacro com was
  sent an email concern about this problem. However, it has been 6
days
  and we haven't received any reponses yet.

That's because you didn't send the message to the correct domain.  It
should have been sent to "trendmicro.com".  No wonder they didn't
respond to you.

-- 
Brian Keefer, CISSP
Systems Engineer
CipherTrust Inc, www.CipherTrust.com




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault