Strix
26.1K

CVE-2006-0642

UnknownEPSS 1.87%

Last modified

CVE-2006-0642 is a vulnerability of currently unknown severity. Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.. EPSS estimates a 1.87% chance of exploitation in the next 30 days.

Description

Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.

Metrics

EPSS Probability
1.87%

76.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Trend MicroInterscan Messaging Security SuiteAll versions
Trend MicroInterscan Web Security SuiteAll versions
Trend MicroServerprotect5.58

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-0642?
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.
How severe is CVE-2006-0642?
Severity scoring for CVE-2006-0642 is pending analysis. The EPSS model estimates a 1.87% probability of exploitation in the next 30 days.
How do I fix CVE-2006-0642?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-0642?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST