Trend Micro Internet Security Toolbar Denial of Service Vulnerability

Bugtraq ID:	39405
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 12 2010 12:00AM
Updated:	Apr 12 2010 12:00AM
Credit:	Alex Holden
Vulnerable:	Trend Micro Internet Security 0
Not Vulnerable:

Trend Micro Internet Security Toolbar Denial of Service Vulnerability

Trend Micro Internet Security is prone to a denial-of-service vulnerability that affects the Trend Micro Toolbar plugin.

Attackers can exploit this issue to cause an affected application (e.g. Mozilla Firefox, Internet Explorer) to crash, resulting in denial-of-service conditions. Attackers may also be able to execute arbitrary code, but this has not been confirmed.

The issue affects the Trend Micro Toolbar version 1.6.0 running in Microsoft Internet Explorer 8 and Mozilla Firefox 3.6.3.

Trend Micro Internet Security Toolbar Denial of Service Vulnerability

Attackers can exploit this issue by enticing an unsuspecting user to follow a long URI.

Trend Micro Internet Security Toolbar Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Trend Micro Internet Security Toolbar Denial of Service Vulnerability

References:

• Trend Micro Homepage (Trend Micro)
  
• TrendMicro Toolbar + Long URL = Fail (Brian Krebs)