mailing list archives
Re: TrendMicro (not Macro) Interscan Viruswall Directory Traversal
From: "Tri Huynh" <trihuynh () zeeup com>
Date: Wed, 24 Mar 2004 19:30:31 -0800
I just take a look at my recent advisory and I find out that
I have made a typing mistake due to my terrible copy and
paste skill (I know, It happend before). I am sorry for the
confusion I have made. The vendor name is TrendMicro, not
TrendMacro (an investor company). Thank all the people
contacting me about my mistyping. Beer is the one to blame.
To Brain Keefer, I mistyped the word TrendMicro because
it was a copy and paste problem, once you mistype a word
and then copy and paste your mistyped word all over the place. However,
I think i am good enough to know what is a domain and what
is a bounced back email once I send to a wrong address.
And especially, when I first contacted TrendMicro, I know
how to go to the website and I can recognize if i
am in the right website or not since TrendMicro is
not a strange start-up company. I hope if you give out
comments next time, please low down your tone since
it may make some people feel offensive (Even if that is their fault).
Your CISSP title rocks !
Speaking of TrendMicro Interscan, I believe that there are still
many trivial problems in the product that needed to be addressed
information at the user browser, and of course XSS is all over
the place. I will contact TrendMicro again (They haven't responsed
the last time) to report them about these problems before
releasing detail advisories.
----- Original Message -----
From: "Brian Keefer" <chort () amaunetsgothique com>
To: "Tri Huynh" <trihuynh () zeeup com>
Cc: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>;
<PenetrationTesting () yahoogroups com>; <vnsec () sentryunion com>;
<bugs () securitytracker com>; <news () securiteam com>; <vuln () secunia com>
Sent: Wednesday, March 24, 2004 2:22 PM
Subject: Re: TrendMacro Interscan Viruswall Directory Traversal
On Wed, 2004-03-24 at 07:11, Tri Huynh wrote:
TrendMacro Interscan Viruswall Directory Traversal
PROGRAM: TrendMacro Interscan Viruswall
VULNERABLE VERSIONS: - 3.5x (Windows)
not tested but possibly
"TrendMacro" does not make anti-virus products. Did you try visiting
their website (www.trendmacro.com)? The only place you got their domain
right was in the HOMEPAGE: section. Everywhere else in your "advisory"
you misspelled the name of the company/domain.
Update: The technical support email virus_doctor () trendmacro com was
sent an email concern about this problem. However, it has been 6
and we haven't received any reponses yet.
That's because you didn't send the message to the correct domain. It
should have been sent to "trendmicro.com". No wonder they didn't
respond to you.
Brian Keefer, CISSP
CipherTrust Inc, www.CipherTrust.com
Full-Disclosure - We believe in it.