Security firm finds flaw in Trend anti-virus software

Security software and appliance firm ISS has reported a flaw in anti-virus software from Trend Micro that could allow hackers to...

Security software and appliance firm ISS has reported a flaw in anti-virus software from Trend Micro that could allow hackers to enter company networks and steal data from PCs and servers.

Trend Micro has confirmed the problem, which affects its Windows, Unix and Linux security solutions.

ISS and Trend Micro have made available patches for the hole. The problem relates to an opening in Trend Micro’s AntiVirus Library which is used by firms to protect PCs, servers, and network gateways.

A number of third-party security appliance companies also use Trend Micro software on their bundled security hardware solutions.

ISS said that by crafting an ARJ file for the Trend software, an attacker can trigger a "heap overflow" within the AntiVirus Library. The overflow allows a hacker to move in and take control of systems.

The ISS patch is available from:

http://www.iss.net/download.

The Trend Micro advisory is available from:

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close