Trend.Micro.Multiple.Products.modTMCSS.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a remote Command Execution vulnerability in Trend Micro OfficeScan and InterScan Web Security Virtual Appliance (IWSVA).
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary OS commands within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

Trend Micro OfficeScan 11
Trend Micro OfficeScan XG
Trend Micro InterScan Messaging Security (Virtual Appliance) 9.0 prior to 9.0 CP 1629
Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1 prior to 9.1 CP 1675

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrades or patches from the vendor.
InterScan
https://success.trendmicro.com/solution/1117723
OfficeScan
https://success.trendmicro.com/solution/1117769

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)