Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA28038] Trend Micro Products UUE File Parsing Buffer Overflow



> ----------------------------------------------------------------------
>
> TITLE:
> Trend Micro Products UUE File Parsing Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA28038
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28038/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Trend Micro Internet Security 2008
> http://secunia.com/product/16916/
> Trend Micro Internet Security Pro 2008
> http://secunia.com/product/16915/
> Trend Micro AntiVirus plus AntiSpyware 2008
> http://secunia.com/product/16917/
>
> DESCRIPTION:
> Sowhat has reported a vulnerability in some Trend Micro products,
> which potentially can be exploited by malicious people to compromise
> a user's system.
>
> The vulnerability is caused due to a boundary error within
> PccScan.dll when decoding UUE files and can be exploited to cause a
> buffer overflow via a specially crafted UUE file.
>
> NOTE: The vendor's advisory states that the vulnerability is caused
> due to a format-string error when handling certain fields of a UUE
> file during decoding. It is not clear if this is a separate
> vulnerability.
>
> The vulnerability affects English versions of the following
> products:
> * Trend Micro Internet Security Pro
> * Trend Micro Internet Security/Virus Buster 2008
> * Trend Micro Antivirus plus AntiSpyware 2008
>
> SOLUTION:
> Apply patch.
> http://solutionfile.trendmicro.com/solutionfile/1036464/EN/tis_160_win_en_patch_pccscan1451.exe
>
> PROVIDED AND/OR DISCOVERED BY:
> Sowhat, Nevis Labs
>
> ORIGINAL ADVISORY:
> Trend Micro:
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
>
> Sowhat:
> http://secway.org/advisory/AD20071211.txt
>
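
The advisory attributes the flaw to a boundary error while decoding UUE files but does not describe the faulty check itself. As an added example (not from the advisory or from Trend Micro's code), here is where a UUE line decoder has to validate the length character that the file controls. The function names and the sample line are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Map one uuencoded character to its 6-bit value; valid range is 0x20..0x60. */
static int uu_val(unsigned char c, unsigned *out)
{
    if (c < 0x20 || c > 0x60)
        return -1;
    *out = (unsigned)(c - 0x20) & 0x3f;   /* '`' (0x60) and ' ' both mean 0 */
    return 0;
}

/* Decode one uuencoded body line. Returns bytes written, or -1 if the line
 * is malformed or dst is too small. Never reads past line_len or writes
 * past dst_cap. (Hypothetical helper, written for this example.) */
long uu_decode_line(const char *line, size_t line_len,
                    unsigned char *dst, size_t dst_cap)
{
    unsigned n, v[4];
    unsigned char b[3];
    size_t groups, i, j, w = 0;

    if (line_len == 0 || uu_val((unsigned char)line[0], &n) != 0)
        return -1;
    groups = (n + 2) / 3;              /* 4 input chars per 3 output bytes */
    if (line_len - 1 < groups * 4)     /* declared length exceeds data present */
        return -1;
    if (n > dst_cap)                   /* declared length exceeds destination */
        return -1;
    for (i = 0; i < groups; i++) {
        for (j = 0; j < 4; j++)
            if (uu_val((unsigned char)line[1 + i * 4 + j], &v[j]) != 0)
                return -1;
        b[0] = (unsigned char)(v[0] << 2 | v[1] >> 4);
        b[1] = (unsigned char)(v[1] << 4 | v[2] >> 2);
        b[2] = (unsigned char)(v[2] << 6 | v[3]);
        for (j = 0; j < 3 && w < n; j++)   /* last group may carry padding */
            dst[w++] = b[j];
    }
    return (long)w;
}

int main(void)
{
    unsigned char out[45];
    long n = uu_decode_line("#0V%T", 5, out, sizeof out); /* constructed: "Cat" */
    if (n < 0)
        return 1;
    printf("%ld %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```

The two early returns are the point: the length character comes from the file, so it is checked against both the bytes actually present on the line and the capacity of the output buffer before any byte is written.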



 



