Trend Micro Products AntiVirus Library Buffer Overflow
Sunday, 27 February 2005 by Michel Roth
If you run Trend Micro Products in your DMZ or internetfacing sytems, then you should be extra alarmed by this bulletin. Do not rely on the scan-engine-auto-update to patch this vulnerability. I tried updating the scan engine via auto update to a non-vulnerable version (7.510) last friday but this was not possible. A manual update was required. Perhaps this issue is resolved by now but you should still double-check.

ISS X-Force has reported a vulnerability in various Trend Micro products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the AntiVirus library when processing ARJ files. This can be exploited to cause a heap-based buffer overflow via a specially crafted ARJ file containing an overly long filename. Successful exploitation allows execution of arbitrary code.

Read the advisory here.

Related Items:

F-Secure for Citrix Servers Critical Vulnerability (15 February 2005)
Firefox IDN URL Domain Name Buffer Overflow (13 September 2005)
Microsoft Windows "itss.dll" Heap Corruption Unpatched Vulnerability (10 May 2006)
Citrix ICA Client ActiveX Control Heap Overflow Vulnerability (6 December 2006)
0-Day Microsoft Excel Unspecified Code Execution Vulnerability (19 June 2006)
Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability (23 December 2004)
VMware NAT Networking Buffer Overflow Vulnerability (21 December 2005)
McAfee Antivirus Products LHA Archive Stack Overflow Vulnerability (18 March 2005)
0-Day Microsoft Word 2000 Unspecified Code Execution Vulnerability (5 September 2006)
Warning: 0-Day Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability (6 November 2006)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy