Published:2017/12/26  Last Updated:2017/12/26

JVNVU#98736894
Multiple vulnerabilities in InterScan Messaging Security Virtual Appliance

Overview

InterScan Messaging Security Virtual Appliance provided by Trend Micro Incorporated contains multiple vulnerabilities.

Products Affected

  • InterScan Messaging Security Virtual Appliance 9.0
  • InterScan Messaging Security Virtual Appliance 9.1

Description

InterScan Messaging Security Virtual Appliance provided by Trend Micro Incorporated contains multiple vulnerabilities.

Impact

The possible impacts are as follows:

  • A user may execute an arbitrary command
  • A user may execute arbitrary code

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patches to address these vulnerabilities.

  • InterScan Messaging Security Virtual Appliance 9.0 Critical Patch 1629
  • InterScan Messaging Security Virtual Appliance 9.1 Critical Patch 1675

References

JPCERT/CC Addendum

This advisory mentions the vulnerabilities that are published on the TippingPoint Zero Day Initiative advisories listed below.

ZDI-17-502 (CVE-2017-11391) ZDI-17-504 (CVE-2017-11392)

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Trend Micro Incorporated and JPCERT/CC coordinated.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-11391
CVE-2017-11392
JVN iPedia