Re: TrendMicro (not Macro) Interscan Viruswall Directory Traversal

["Tri Huynh" <trihuynh () zeeup com>]

Hi,

I just take a look at my recent advisory and I find out that
I have made a typing mistake due to my terrible copy and
paste skill (I know, It happend before). I am sorry for the
confusion I have made. The vendor name is TrendMicro, not
TrendMacro (an investor company). Thank all the people
contacting me about my mistyping. Beer is the one to blame.

To Brain Keefer, I mistyped the word TrendMicro because
it was a copy and paste problem, once you mistype a word
and then copy and paste your mistyped word all over the place. However,
I think i am good enough to know what is a domain and what
is a bounced back email once I send to a wrong address.
And especially, when I first contacted TrendMicro, I know
how to go to the website and I can recognize if i
am in the right website or not since TrendMicro is
not a strange start-up company. I hope if you give out
comments next time, please low down your tone since
it may make some people feel offensive (Even if that is their fault).
Your CISSP title rocks !

Speaking of TrendMicro Interscan, I believe that there are still
many trivial problems in the product that needed to be addressed
like Telewindow Javascript allows attacker to hijack, steal
information at the user browser, and of course XSS is all over
the place. I will contact TrendMicro again (They haven't responsed
the last time) to report them about these problems before
releasing  detail advisories.

Regards,

Trihuynh

----- Original Message ----- 
From: "Brian Keefer" <chort () amaunetsgothique com>
To: "Tri Huynh" <trihuynh () zeeup com>
Cc: <bugtraq () securityfocus com>; <full-disclosure () lists netsys com>;
<PenetrationTesting () yahoogroups com>; <vnsec () sentryunion com>;
<bugs () securitytracker com>; <news () securiteam com>; <vuln () secunia com>
Sent: Wednesday, March 24, 2004 2:22 PM
Subject: Re: TrendMacro Interscan Viruswall Directory Traversal


> On Wed, 2004-03-24 at 07:11, Tri Huynh wrote:
> >    TrendMacro Interscan Viruswall Directory Traversal
> >    =================================================
> >
> >    PROGRAM: TrendMacro Interscan Viruswall
> >    HOMEPAGE: http://www.trendmicro.com
> >    VULNERABLE VERSIONS: - 3.5x (Windows)
> >                                                   - Unix/Solaris
> version is
> > not tested but possibly
> >                                                      vulnerable
>
> "TrendMacro" does not make anti-virus products.  Did you try visiting
> their website (www.trendmacro.com)?  The only place you got their domain
> right was in the HOMEPAGE: section.  Everywhere else in your "advisory"
> you misspelled the name of the company/domain.
>
> >   Update: The technical support email  virus_doctor () trendmacro com was
> >   sent an email concern about this problem. However, it has been 6
> days
> >   and we haven't received any reponses yet.
>
> That's because you didn't send the message to the correct domain.  It
> should have been sent to "trendmicro.com".  No wonder they didn't
> respond to you.
>
> -- 
> Brian Keefer, CISSP
> Systems Engineer
> CipherTrust Inc, www.CipherTrust.com