Additional Vulnerabilities in TrendMicro's InterScan AppletTrap Malicious Code Filtering Software Allow Remote Users to Create HTML With Malicious Code That Will Bypass the Filtering Mechanisms
SecurityTracker Alert ID: 1002114|
SecurityTracker URL: http://securitytracker.com/id/1002114
(Links to External Site)
Date: Jul 29 2001
Host/resource access via network|
Vendor Confirmed: Yes Exploit Included: Yes |
It is reported that there are additional vulnerabilities in Trend Micro's InterScan AppletTrap software that allows malicious code to bypass the filtering software.|
eDvice reports that there are two problems with AppletTrap's Script filtering mechanism:
2) AppletTrap does not filter scripting tags that are constructed using extended Unicode notation.
A remote user can create malicious HTML web pages that will bypass the AppletTrap filtering mechanism.|
No solution was available at the time of this entry. The vendor reportedly plans to address these vulnerabilities in version 2.5.|
Vendor URL: www.antivirus.com/ (Links to External Site)
Input validation error, State error|
UNIX (Solaris - SunOS), Windows (NT), Windows (2000)|
Source Message Contents
Date: Sun, 29 Jul 2001 11:13:01 +0200|
Subject: Various problems in Ternd Micro AppletTrap Script filtering
Sunday 29 July 2001
Various problems in Ternd Micro AppletTrap Script filtering
This is a different advisory than the one we posted on July 9
Trend Micro Applet Trap is a product for blocking malicious Java applets,
product includes an option for URL filtering.
eDvice recently conducted a test of AppletTrap's ability to filter Scripts
at the gateway. AppletTrap includes the ability to filter script languages
AppletTrap includes some design and implementation flaws, which allow an
attacker to bypass restrictions set by the product administrator and
introduce malicious code into an organization.
We found two problems with AppletTrap's Script filtering mechanism:
AppletTrap will not filter scripts that should have been filtered by policy
as long as these scripts appear after a script that is allowed by policy.
For example, if the policy is set to filter only VBScript and not
2) AppletTrap does not recognize and does not filter scripting tags
constructed using extended Unicode notation. This is the same problem we
reported in http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
(see also http://www.securityfocus.com/bid/2801) for a different product.
Status and solution
Trend Micro has confirmed these vulnerabilities and will address them in
Discovered by eDvice on 11 July 2001.