CERTA-2005-AVI-089
Vulnerability from certfr_avis - Published: 2005-02-28 - Updated: 2005-02-28
Une vulnérabilité dans le traitement des archives ARJ par les produits Trend Micro permet l'exécution de code arbitraire à distance.
Description
Une vulnérabilité a été découverte dans le traitement des fichiers archive au format ARJ par le moteur VSAPI des produits Trend Micro.
Un utilisateur mal intentionné peut, par le biais d'un fichier ARJ malicieusement constitué, exécuter du code arbitraire à distance.
Solution
Mettre à jour le moteur VSAPI en version 7.510 ou ultérieure (cf Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | N/A | Trend Micro ScanMail eManager ; | ||
| Trend Micro | N/A | Trend Micro ScanMail for Lotus Domino on Windows ; | ||
| Trend Micro | N/A | Trend Micro InterScan WebManager ; | ||
| Trend Micro | N/A | Trend Micro InterScan Web Security Suite for Linux ; | ||
| Trend Micro | N/A | Trend Micro Client / Server / Messaging Suite for SMB for Windows ; | ||
| Trend Micro | N/A | Trend Micro ScanMail for Lotus Domino on AS/400 ; | ||
| Trend Micro | N/A | Trend Micro ScanMail for Lotus Domino on Solaris ; | ||
| Trend Micro | N/A | Trend Micro ServerProtect for Windows. | ||
| Trend Micro | N/A | Trend Micro PortalProtect for Sharepoint ; | ||
| Trend Micro | N/A | Trend Micro ScanMail for Lotus Domino on S/390 ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for Windows ; | ||
| Trend Micro | N/A | Trend Micro for Microsoft Exchange ; | ||
| Trend Micro | N/A | Trend Micro InterScan Web Security Suite for Windows ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for HP-UX ; | ||
| Trend Micro | N/A | Trend Micro InterScan eManager ; | ||
| Trend Micro | N/A | Trend Micro InterScan Messaging Security Suite for Linux ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for Solaris ; | ||
| Trend Micro | N/A | Trend Micro OfficeScan Corp. Edition ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for SMB ; | ||
| Trend Micro | N/A | Trend Micro PC-cillin Internet Security ; | ||
| Trend Micro | N/A | Trend Micro ScanMail for Lotus Domino on AIX ; | ||
| Trend Micro | N/A | Trend Micro InterScan WebProtect for ISA ; | ||
| Trend Micro | N/A | Trend Micro ServerProtect for Linux ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for Linux ; | ||
| Trend Micro | N/A | Trend Micro InterScan Web Security Suite for Solaris ; | ||
| Trend Micro | N/A | Trend Micro Client / Server Suite for SMB for Windows ; | ||
| Trend Micro | N/A | Trend Micro InterScan Viruswall for AIX ; | ||
| Trend Micro | N/A | Trend Micro InterScan Messaginf Security Suite for Windows ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Trend Micro ScanMail eManager ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ScanMail for Lotus Domino on Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan WebManager ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Web Security Suite for Linux ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro Client / Server / Messaging Suite for SMB for Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ScanMail for Lotus Domino on AS/400 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ScanMail for Lotus Domino on Solaris ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ServerProtect for Windows.",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro PortalProtect for Sharepoint ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ScanMail for Lotus Domino on S/390 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro for Microsoft Exchange ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Web Security Suite for Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for HP-UX ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan eManager ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Messaging Security Suite for Linux ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for Solaris ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro OfficeScan Corp. Edition ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for SMB ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro PC-cillin Internet Security ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ScanMail for Lotus Domino on AIX ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan WebProtect for ISA ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro ServerProtect for Linux ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for Linux ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Web Security Suite for Solaris ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro Client / Server Suite for SMB for Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Viruswall for AIX ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro InterScan Messaginf Security Suite for Windows ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des fichiers\narchive au format ARJ par le moteur VSAPI des produits Trend Micro.\n\nUn utilisateur mal intentionn\u00e9 peut, par le biais d\u0027un fichier ARJ\nmalicieusement constitu\u00e9, ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour le moteur VSAPI en version 7.510 ou ult\u00e9rieure (cf\nDocumentation).\n",
"cves": [],
"initial_release_date": "2005-02-28T00:00:00",
"last_revision_date": "2005-02-28T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro du 23 f\u00e9vrier 2005 :",
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"title": "Mise \u00e0 jour du moteur VSAPI :",
"url": "http://www.trendmicro.com/download/engine.asp"
}
],
"reference": "CERTA-2005-AVI-089",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans le traitement des archives ARJ par les produits\nTrend Micro permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Trend Micro du 23 f\u00e9vrier 2005",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…