Threat Encyclopedia



This indicates an attack attempt to exploit a remote Command Execution vulnerability in Trend Micro OfficeScan and InterScan Web Security Virtual Appliance (IWSVA).
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary OS commands within the context of the application, via a crafted HTTP request.

Affected Products

Trend Micro OfficeScan 11
Trend Micro OfficeScan XG
Trend Micro InterScan Messaging Security (Virtual Appliance) 9.0 prior to 9.0 CP 1629
Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1 prior to 9.1 CP 1675


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.