[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions
- To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, <info@xxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>, <cert@xxxxxxxx>, <nvd@xxxxxxxx>, <cve@xxxxxxxxx>
- Subject: Changes : [TZO-17-2009]Trendmicro multiple bypass/evasions
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Date: Sat, 9 May 2009 12:24:24 +0200
______________________________________________________________________
UPDATE : Trendmicro RAR / CAB bypass evasion
______________________________________________________________________
CHANGES to original advisory [TZO-172009] Trendmicro :
------------------------------------------------------
Status : RAR / CAB issue WILL be patched on June 17
Quoting vendor :
"This vulnerability is capable of allowing attackers to send RAR files
with corrupted RAR headers through our gateway products, which bypass
the compressed files without scanning them."
Comment:
This just goes to proove that publishing changes perception, as
customers read, react and complain. (Trend previously denied
patching). In other words, always publish even if the vendor denies
patching.
In the name of all TrendMicro customers I would like to thank those
customers that reacted and complained. Wihtout publication there is no
change, without those reacting to advisories there is neither.
Prooves #2 and #5 at
http://blog.zoller.lu/2009/04/dear-thierry-why-are-you-such-arrogant.html
to be valid.
Regards,
Thierry Zoller