Trend Micro Antivirus engine UPX buffer overflow
| antivirus-upx-bo (32352) |  High Risk |
Description:
The Trend Micro Antivirus engine is vulnerable to a buffer overflow, caused by improper parsing of UPX compressed executables. By sending a specially-crafted UPX compressed executable, a remote attacker could overflow a buffer and execute arbitrary code on the system with root or SYSTEM privileges or cause the application to crash.
Platforms Affected:
- Cyber Clean Center, Cyber Clean Center Cleaner 1.x
- Trend Micro, Client Server Messaging Suite SMB for Windows
- Trend Micro, Client Server Suite SMB for Windows
- Trend Micro, Control Manager
- Trend Micro, InterScan eManager
- Trend Micro, InterScan Messaging Security Linux
- Trend Micro, InterScan Messaging Security Solaris
- Trend Micro, InterScan Messaging Security Windows
- Trend Micro, InterScan VirusWall AIX
- Trend Micro, InterScan VirusWall HP-UX
- Trend Micro, InterScan VirusWall Linux
- Trend Micro, InterScan VirusWall SMB
- Trend Micro, InterScan VirusWall Solaris
- Trend Micro, InterScan VirusWall Windows
- Trend Micro, InterScan Web Security Suite Linux
- Trend Micro, InterScan Web Security Suite Solaris
- Trend Micro, InterScan Web Security Suite Windows
- Trend Micro, InterScan WebManager
- Trend Micro, InterScan WebProtect for ISA
- Trend Micro, OfficeScan
- Trend Micro, PC-cillin Internet Security
- Trend Micro, PortalProtect for Sharepoint
- Trend Micro, scan engine prior to 8.5
- Trend Micro, ScanMail Microsoft Exchange
- Trend Micro, ScanMail for Domino
- Trend Micro, ServerProtect Windows
- Trend Micro, ServerProtect Linux
Remedy:
Refer to Trend Micro Solution ID: 1034289 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Gain Access
References:
- iDefense Labs PUBLIC ADVISORY: 02.07.07, Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470.
- Trend Micro Solution ID: 1034289, [Vulnerability Confirmation] Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability at http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289.
- BID-22449: Trend Micro Antivirus UPX Compressed PE File Buffer Overflow Vulnerability
- CVE-2007-0851: Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
- SA24087: Trend Micro Products UPX Processing Buffer Overflow Vulnerability
- SA24128: CCC Cleaner UPX Processing Buffer Overflow Vulnerability
- SECTRACK ID: 1017601: Trend Micro Interscan VirusWall UPX File Buffer Overflow Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1017602: Trend Micro OfficeScan UPX File Buffer Overflow Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1017603: Trend Micro PC-cillin UPX File Buffer Overflow Lets Remote Users Execute Arbitrary Code
- US-CERT VU#276432: Trend Micro AntiVirus fails to properly process malformed UPX packed executables
- VUPEN/ADV-2007-0522: Trend Micro Antivirus Products UPX File Parsing Kernel Buffer Overflow Vulnerability
- VUPEN/ADV-2007-0569: CCC Cleaner UPX File Parsing Buffer Overflow Client-Side Code Execution Vulnerability
Reported:
Feb 07, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net