Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
BID:22965
Info
Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
| Bugtraq ID: | 22965 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2007 12:00AM |
| Updated: | Mar 16 2007 04:44PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
Trend Micro Scan Engine 8.3 Trend Micro Scan Engine 8 Trend Micro PC-Cillin Internet Security 2006 14.10 .1023 Trend Micro PC-Cillin Internet Security 2007 Trend Micro Internet Security Suite 2007 0 Trend Micro Antivirus 2007 |
| Not Vulnerable: | |
Discussion
Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
Trend Micro Scan Engine is prone to a denial-of-service vulnerability because it fails to properly handle compressed UPX files.
An attacker can exploit this issue to crash the operating system, denying further service to legitimate users.
This issue affects various products using the Trend Micro Antivirus Scan Engine version 8 and above.
Trend Micro Scan Engine is prone to a denial-of-service vulnerability because it fails to properly handle compressed UPX files.
An attacker can exploit this issue to crash the operating system, denying further service to legitimate users.
This issue affects various products using the Trend Micro Antivirus Scan Engine version 8 and above.
Exploit / POC
Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
An attacker can exploit this issue by sending a specially crafted UPX file to a vulnerable computer.
An attacker can exploit this issue by sending a specially crafted UPX file to a vulnerable computer.
Solution / Fix
Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
Solution:
The vendor released a fix to address this issue. Please see the references for more information.
Trend Micro Antivirus 2007
Trend Micro Scan Engine 8.3
Trend Micro PC-Cillin Internet Security 2007
Trend Micro Scan Engine 8
Trend Micro PC-Cillin Internet Security 2006 14.10 .1023
Solution:
The vendor released a fix to address this issue. Please see the references for more information.
Trend Micro Antivirus 2007
-
Trend Micro OPR 4.335.00
ftp://download.trendmicro.com/products/pattern/lpt335.zip
Trend Micro Scan Engine 8.3
-
Trend Micro OPR 4.335.00
ftp://download.trendmicro.com/products/pattern/lpt335.zip
Trend Micro PC-Cillin Internet Security 2007
-
Trend Micro OPR 4.335.00
ftp://download.trendmicro.com/products/pattern/lpt335.zip
Trend Micro Scan Engine 8
-
Trend Micro OPR 4.335.00
ftp://download.trendmicro.com/products/pattern/lpt335.zip
Trend Micro PC-Cillin Internet Security 2006 14.10 .1023
-
Trend Micro OPR 4.335.00
ftp://download.trendmicro.com/products/pattern/lpt335.zip
References
Trend Micro Scan Engine UPX File Parsing Remote Denial of Service Vulnerability
References:
References:
- [Vulnerability Response] Blue Screen of Death (BSOD) and product exception in Tr (Trend Micro)
- PC-cillin Product Homepage (Trend Micro)
- Trend Micro Homepage (Trend Micro)
- RE: [VulnWatch] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX P ('Topolski, Leo'
- iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Di (iDefense Labs)