CVE-2002-0637

InterScan VirusWall 3.52 build 1462 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0637. PoCs published by SecuriTeam.

AI-analyzed exploit summary This Perl script exploits a vulnerability in TrendMicro's VirusWall by crafting a malformed email with extraneous spaces in HTTP header fields, allowing malicious attachments to bypass scanning. It sends an email with an EICAR test file attachment via SMTP, demonstrating the bypass.

Description

InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SecuriTeam · perlremotewindows
https://www.exploit-db.com/exploits/21625

This Perl script exploits a vulnerability in TrendMicro's VirusWall by crafting a malformed email with extraneous spaces in HTTP header fields, allowing malicious attachments to bypass scanning. It sends an email with an EICAR test file attachment via SMTP, demonstrating the bypass.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TrendMicro VirusWall (versions affected by CVE-2002-0637)
No auth needed
Prerequisites: SMTP server access · Target email address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9464.php
Patch, Vendor Advisory x_refsource_misc
http://www.securiteam.com/securitynews/5KP000A7QE.html

Scores

EPSS 0.0575
EPSS Percentile 92.1%

Details

Status published
Products (1)
trend_micro/interscan_viruswall 3.52
Published Jul 11, 2002
Tracked Since Feb 18, 2026