---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Trend Micro InterScan Web Security Suite Security Bypass SECUNIA ADVISORY ID: SA33867 VERIFY ADVISORY: http://secunia.com/advisories/33867/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Trend Micro InterScan Web Security Suite for Windows 3.x http://secunia.com/advisories/product/21343/ DESCRIPTION: Julien Cayssol has reported a vulnerability in Trend Micro InterScan Web Security Suite, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an access control error in multiple JSP pages and can be exploited to modify the certain configuration values and e.g. create an administrator account. Successful exploitation requires "Auditor" or "Report Only" credentials. The vulnerability is reported in version 3.1. SOLUTION: Apply patch. http://www.trendmicro.com/ftp/products/patches/iwss_31_win_en_cp1237.zip PROVIDED AND/OR DISCOVERED BY: Julien Cayssol ORIGINAL ADVISORY: Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/iwss_31_win_en_readme_CP_1237_EN.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------