SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#276432

Trend Micro AntiVirus fails to properly process malformed UPX packed executables

Overview

The Trend Micro AntiVirus scanning engine contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro virus scanning engine is included with Trend Micro security suites and other AntiVirus products. UPX is an open source packer for several executable formats. Malicious code is known to be compressed with UPX to avoid detection.

A buffer overflow vulnerability exists in Trend Micro AntiVirus that may occur when the scanning engine processes a malformed UPX archived file. If a specially crafted, UPX packed executable is scanned by Trend Micro, this vulnerability may be triggered.

Note that both Microsoft Windows and Linux operating systems running unpatched versions of the Trend Micro virus engine may be vulnerable.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with kernel level privileges, or create a denial-of-service condition.

III. Solution

Upgrade

Trend Micro has released an update to address this issue.

Systems Affected

VendorStatusDate Updated
Trend MicroVulnerable8-Feb-2007

References


http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289
http://upx.sourceforge.net/#formats
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470
http://secunia.com/advisories/24087/
http://securitytracker.com/alerts/2007/Feb/1017603.html
http://securitytracker.com/alerts/2007/Feb/1017602.html
http://securitytracker.com/alerts/2007/Feb/1017601.html
http://www.securityfocus.com/bid/22449

Credit

Thanks to iDefense for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public02/07/2007
Date First Published02/08/2007 11:02:04 AM
Date Last Updated03/15/2007
CERT Advisory 
CVE-ID(s) 
NVD-ID(s) 
US-CERT Technical Alerts 
Metric42.53
Document Revision61

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader