Security firm finds flaw in Trend anti-virus software

News

Security firm finds flaw in Trend anti-virus software

Antony Savvas

Security software and appliance firm ISS has reported a flaw in anti-virus software from Trend Micro that could allow hackers to enter company networks and steal data from PCs and servers.

Trend Micro has confirmed the problem, which affects its Windows, Unix and Linux security solutions.

ISS and Trend Micro have made available patches for the hole. The problem relates to an opening in Trend Micro’s AntiVirus Library which is used by firms to protect PCs, servers, and network gateways.

A number of third-party security appliance companies also use Trend Micro software on their bundled security hardware solutions.

ISS said that by crafting an ARJ file for the Trend software, an attacker can trigger a "heap overflow" within the AntiVirus Library. The overflow allows a hacker to move in and take control of systems.

The ISS patch is available from:

http://www.iss.net/download.

The Trend Micro advisory is available from:

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy