Security flaw hits Trend Micro antivirus
A flaw that gives an attacker complete control was disclosed late Friday and over the weekend, affecting several Trend Micro products. The flaw is a buffer overflow; it was reported by Trend Micro and later confirmed by iDefense Labs.
The flaw is serious enough to earn a critical rating from Secunia. The advisory (SA24087) describes the attack as follows: “The vulnerability is caused due to an error within the processing of UPX compressed executables. This can be exploited to cause a buffer overflow when scanning a specially crafted UPX compressed executable file. Successful exploitation may allow execution of arbitrary code or cause the system to crash. The vulnerability reportedly affects all Trend Micro products and versions that use the Scan Engine and Pattern File technology.”
Trend Micro responded to the published flaw and released a patch the same day. The flaw made the news not because it is a security risk, but because it affected Linux, Windows, and almost the entire Trend Micro product line. If you are a Trend Micro customer and use the automatic update feature, you should already have the patch. If you have disabled the automatic update feature, or you push software updates manually on a company network, you need to update to pattern 4.245.0 to get the patch and detect the threat.
Trend Micro said VSAPI 8.5, expected in the second quarter of 2007, would include this fix. The complete lists of at-risk programs are located below.
http://www.trendmicro.com/download/engine.asp
http://www.trendmicro.com/download/pattern.asp


