Security firm finds flaw in Trend anti-virus software

News

Security firm finds flaw in Trend anti-virus software

Antony Savvas

Security software and appliance firm ISS has reported a flaw in anti-virus software from Trend Micro that could allow hackers to enter company networks and steal data from PCs and servers.

Trend Micro has confirmed the problem, which affects its Windows, Unix and Linux security solutions.

ISS and Trend Micro have made available patches for the hole. The problem relates to an opening in Trend Micro’s AntiVirus Library which is used by firms to protect PCs, servers, and network gateways.

A number of third-party security appliance companies also use Trend Micro software on their bundled security hardware solutions.

ISS said that by crafting an ARJ file for the Trend software, an attacker can trigger a "heap overflow" within the AntiVirus Library. The overflow allows a hacker to move in and take control of systems.

The ISS patch is available from:

http://www.iss.net/download.

The Trend Micro advisory is available from:

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy