Trend Micro Scanning Engine Report Generation HTML Injection Vulnerability

Trend Micro's scanning engine is reportedly affected by an HTML injection vulnerability in its report generation feature. This issue is due to a failure to properly sanitize user-supplied input before including it in an HTML report.

It has been speculated that the offending HTML alert reports run from the local zone on the affected computer, although this has not been verified.

This issue may be exploited by a remote attacker to execute arbitrary HTML or script code on an affected computer, potentially resulting in unauthorized access. Other attacks are also possible.
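
The class of flaw described above, shown as an added example that is not Trend Micro's code or part of the original advisory: a report generator that pastes scan fields into HTML verbatim, the same generator with output encoding, and a check that flags any element the report template itself never emits. The record fields, template and function names are assumptions; the advisory does not state which input is affected.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a detection record whose file name carries markup.
# Field names are assumptions; the advisory does not name the affected input.
SAMPLE = {"file": 'invoice<img src=x alt="injected">.zip', "threat": "EICAR_TEST_FILE"}

ROW = '<tr><td title="{file}">{file}</td><td>{threat}</td></tr>'
PAGE = "<html><body><table>{rows}</table></body></html>"
TEMPLATE_TAGS = {"html", "body", "table", "tr", "td"}


def render_unsafe(records):
    """Vulnerable form: scan fields are pasted into the report verbatim."""
    return PAGE.format(rows="".join(ROW.format(**r) for r in records))


def render_safe(records):
    """Hardened form: every field is HTML-encoded (quotes included) before use."""
    rows = "".join(
        ROW.format(**{k: html.escape(str(v), quote=True) for k, v in r.items()})
        for r in records
    )
    return PAGE.format(rows=rows)


class _TagCollector(HTMLParser):
    """Records the name of every start tag seen in a document."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)


def unexpected_tags(report):
    """Return elements in the report that the template itself never emits."""
    collector = _TagCollector()
    collector.feed(report)
    collector.close()
    return collector.tags - TEMPLATE_TAGS


if __name__ == "__main__":
    print("unsafe:", unexpected_tags(render_unsafe([SAMPLE])))
    print("safe:  ", unexpected_tags(render_safe([SAMPLE])))
```

The `unexpected_tags` check can serve as a regression test for any report template: feed it records containing markup and require an empty result.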


Copyright 2010, SecurityFocus