Windows Networking Admin Blog RSS

All Blogs » Windows Networking Admin Blog » News » Blog article: Trend Micro: [Vulnerability Confirmation] Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability

Trend Micro: [Vulnerability Confirmation] Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability

Solution ID:		1034289 A recent system upgrade added a ‘1′ or ‘2′ to old solution IDs. You find these solutions by removing or retaining the extra ‘1′ or ‘2′.

Product:		Scan Engine - 8.300, Scan Engine - 8.000

Operating System:		N/A

Published:		2/6/07 5:18 AM

Problem:		Trend Micro has become aware of a vulnerability in its Scan Engine, wherein a corrupted UPX file can cause a buffer overflow and lead to either of the following: • Blue screen of death (BSOD) • Execution of arbitrary code that allows an attacker to take control of the system It affects all Trend Micro products and versions using the Scan Engine and Pattern File technology. A complete list of products is found in: • http://www.trendmicro.com/download/engine.asp • http://www.trendmicro.com/download/pattern.asp


Solution:		To address the vulnerability, update to virus pattern file 4.245.00 or higher. This provides the following fixes: • Update of the UPX Parsing algorithm • Generic detection for malformed UPX files Enhancements will also be applied on the Scan Engine and the fix will be included in the upcoming release of version 8.5. If you encounter issues downloading the pattern file from the ActiveUpdate server, refer to the following manual update solutions: Client / Server / Messaging Security for SMB Manually updating the Pattern File on the Security Server Manually updating the Pattern File on the Client / Server Security Agent Manually updating the Pattern File on the Messaging Security Agent Client / Server Security for SMB Manually updating the Pattern File on the Security Server Manually updating the Pattern File on the Client / Server Security Agent Control Manager InterScan Messaging Security Suite InterScan VirusWall InterScan VirusWall for SMB (version 5.0) InterScan Web Security Suite OfficeScan ScanMail for Lotus Domino ScanMail for Microsoft Exchange ServerProtect for Linux ServerProtect for Microsoft Windows ServerProtect for Novell NetWare Trend Micro PC-cillin Internet Security 2005 Trend Micro PC-cillin Internet Security 2006 Trend Micro PC-cillin Internet Security 2007 If you suspect that you may have been affected by this vulnerability, contact your Technical Account Manager or Trend Micro Technical Support Services in your region. This vulnerability was reported to Trend Micro by the iDefense Vulnerability Labs.

This entry was posted on Thursday, February 8th, 2007 at 7:51 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Featured Links*

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

About Us : : Product Submission Form : Advertising Information
WindowsNetworking.com is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.

Copyright © 2008 TechGenix Ltd. All rights reserved. Please read our Privacy Policy and Terms & Conditions.

Windows Networking Admin Blog is proudly powered by WordPress. Entries (RSS) and Comments (RSS).