Subject: RE: [TDSCC803150E] HTML code in image-files
Date: Tue, 31 Jul 2001 11:29:47 +0800
From: <support@support.trendmicro.com>
To: <j.bol@itsec.nl>

CASE ID: TDSC-C803150E
CASE STATUS: Solution Sent
PRODUCT: Applet Trap

Please do not remove [Case ID] when replying to this mail. Thank you.

Dear Jeroen,

Good day!

I received your e-mail and have itemized your concerns. Allow me to answer each issue separately. Please correct me if I left some issues or if I misunderstood your inquiry/problem.

Problem: Is TrendMicro aware of the possibility that AppletTrap only scans HTML files and IE ignores file extensions when it is parsing and loading a web site, IE looks at the content-type instead?

Solution: TrendMicro is aware of this issue. Based on our Product Manager's information, this issue will be fixed in the upcoming version of AppletTrap, which is AppletTrap Version 2.5, which is tentatively for release by the end of August.

Hope this helps. Should you have further questions regarding this problem, please let us know and we will be glad to assist you. You can also email us with your comments, suggestions, and/or feedback.

Thank you and hope to hear from you soon!

Respectfully yours,

Miriam P. Canlas - MCP+I, MCSE
Systems Engineer (Gateway Team), PSS Department
TrendLabs HQ, Trend Micro Incorporated

[URL / website] http://www.antivirus.com
[email] support@support.trendmicro.com
[Knowledge Base] http://solutionbank.antivirus.com/solutions
[US Corp. Support] +1 888 608 1009

If you have any comments or suggestions regarding our support, pls. e-mail us at: comments@support.trendmicro.com
For complaints, pls. email us directly at: gateway_manager@support.trendmicro.com
Avail of our Online Free Scanning: http://housecall.antivirus.com

When replying to this email, kindly refrain from changing the subject, as this contains your Case ID and Case Description.

---- Original Message ----

Sir, Madam,

As you might know, there is currently a security thread going with the topic: "TXT or HTML? - IE NEW BUG", http://marc.theaimsgroup.com/?t=9962879220000&w=2&r=1.

The issue is about IE ignoring file extensions when it is parsing and loading a web site, IE looks at the content-type instead.

Rebecca Kastl responded to the mailing list with an interesting view on the whole situation. The posting can be found at: http://marc.theaimsgroup.com/?l=bugtraq&m=996474320041&38&w=2

Summary: when a user is behind a content scanner, which filters scripts, and has scripting enabled in IE, it is possible to let scripts pass through the content scanner, because the scanner only scans HTML files, not images.

My questions are: is the TrendMicro team aware of this possibility and does AppletTrap detect HTML script code nested in image files?

Waiting for a quick response,

Jeroen Bol
EVAS Security Team, http://www.evas.nl
ITsec Netherlands B.V, http://www.ITsec.nl

--
ITsec Nederland B.V. may not be held liable for the effects or damages caused by the direct or indirect use of the information or functionality provided by this posting, nor the content contained within. Use them at your own risk. ITsec Nederland B.V. bears no responsibility for misuse of this posting or any derivatives thereof.
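
An added example, not part of either e-mail and not Trend Micro's code: a sketch of how a gateway filter could decide whether to script-scan a response from its declared content type and its bytes instead of the file extension, which is the gap the thread describes. The function names, the tag list and the sample responses are constructed for illustration.

```python
import re

# Well-known leading signatures of GIF, JPEG and PNG files.
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
HTML_TYPES = {"text/html", "application/xhtml+xml"}
# Tags suggesting the body would be handled as active HTML (illustrative list).
MARKUP = re.compile(rb"<\s*(script|html|body|iframe|object|applet|embed)\b", re.I)

def extension_only_decision(path):
    """The policy the thread describes: scan only files named like HTML."""
    return path.lower().rsplit(".", 1)[-1] in {"htm", "html"}

def content_based_decision(content_type, body):
    """Return (scan?, reason) from the declared type and the bytes, not the name."""
    declared = (content_type or "").split(";")[0].strip().lower()
    if declared in HTML_TYPES:
        return True, "declared content-type is HTML"
    if MARKUP.search(body[:65536]):
        return True, "HTML markup found in body"
    if declared.startswith("image/") and not body.startswith(IMAGE_MAGIC):
        return True, "image type without an image signature"
    return False, "no HTML indicators"

# Constructed sample responses: (path, Content-Type header, body bytes).
SAMPLES = [
    ("/index.html", "text/html", b"<html><body>hello</body></html>"),
    ("/logo.gif", "text/html", b"<html><script>/* constructed */</script></html>"),
    ("/banner.jpg", "image/jpeg", b"<script>/* constructed */</script>"),
    ("/photo.gif", "image/gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"),
    ("/icon.png", "image/png", b"plain text, no signature"),
]

def compare(samples=SAMPLES):
    """List responses the extension-only policy skips but the content check scans."""
    missed = []
    for path, ctype, body in samples:
        scan, reason = content_based_decision(ctype, body)
        if scan and not extension_only_decision(path):
            missed.append((path, reason))
    return missed

if __name__ == "__main__":
    for path, reason in compare():
        print(f"{path}: skipped by extension check, flagged because {reason}")
```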