Compression handling issue affects swathe of products.
A wide range of
Trend Micro
security products are affected by a flaw in the handling of files compressed with UPX, which could be exploited to shut down the product or even access a machine remotely. An update is available to circumvent the problem.
The buffer overflow vulnerability was pointed out to
Trend
in mid-January, and has now been disclosed following the release of a pattern file to fix the hole. Affected products include flagship
OfficeScan
and
PC-cillin
scanners, as well as various mail and network security products including
Linux
and
NetWare
offerings.
Trend
‘s announcement of the problem, along with the fix, is available
here
. An alert from
iDefense
is
here
, and another from
Secunia
here
.
A second and less significant vulnerability, exploitable only from the local system, has also been reported in the Anti-Rootkit module included in several
Trend
products. This flaw has also been fixed with an upgrade, and details are again available from
Trend
,
iDefense
or
Secunia
.
Trend
users are advised to ensure both fixes are applied as soon as possible.
Posted on 08 February 2007 by
Virus Bulletin
Leave a Reply