Trend Micro InterScan Messaging Multiple Vulnerabilities

Date Disclosed:
9/13/2012

Date Patched:
Patch not available.

Vendor:
Trend Micro
Affected Software:
Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394
Description:

InterScan Messaging Security Suite is vulnerable to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability. These could be used by an attacker to execute an arbitrary script in the context of a logged in user.
Severity:
Moderate
Code Execution:
Yes: arbitrary scripts can be executed.
Impact:

Arbitrary script execution

Attackers that successfully exploit this vulnerability will be able to execute scripts within the context of a currently logged in user. This could be used by attackers to perform unauthorized actions on behalf of target users.

Mitigation:
No mitigation is currently available.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

• 17182 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day)
• 17183 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day) - x64

Links:

• Original Disclosure
• Proof of Concept
• CVE-2012-2995
• CVE-2012-2996

Status:
2012-09-13: Original Disclosure