CVE-2006-0642
First published: Fri Feb 10 2006(Updated: )
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Web Security Suite | ||
| Trend Micro InterScan Messaging Security Suite | ||
| Trend Micro ServerProtect for Windows | =5.58 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf
- http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html
- http://www.securityfocus.com/bid/16483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24658
- http://www.securityfocus.com/archive/1/424598/100/0/threaded
- http://www.securityfocus.com/archive/1/424172/100/0/threaded
- http://www.securityfocus.com/archive/1/423914/100/0/threaded
- http://www.securityfocus.com/archive/1/423913/100/0/threaded
- http://www.securityfocus.com/archive/1/423896/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0642?
CVE-2006-0642 has moderate severity as it allows potential remote attacks due to inadequate file scanning configurations.
How do I fix CVE-2006-0642?
To fix CVE-2006-0642, update the default settings to ensure that compressed files are scanned regardless of the extracted file count.
Which versions of Trend Micro products are affected by CVE-2006-0642?
CVE-2006-0642 affects Trend Micro ServerProtect version 5.58, and potentially InterScan Web Security Suite and InterScan Messaging Security Suite.
What kind of attack can exploit CVE-2006-0642?
CVE-2006-0642 can be exploited through remote attacks that leverage unscanned compressed files containing malicious content.
Is there a workaround for CVE-2006-0642?
A potential workaround for CVE-2006-0642 is to manually adjust the configuration settings in the software to a higher threshold for scanning compressed files.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/trend micro
- canonical/trend micro web security suite
- canonical/trend micro interscan messaging security suite
- canonical/trend micro serverprotect for windows
- version/trend micro serverprotect for windows/5.58