A vulnerability has been reported in Trend Micro anti-virus and internet security products that can be exploited by remote attackers to cause a denial of service (DoS) attack to crash networks.
Internet security software firm Secunia said the vulnerability is caused due to an error within the processing of UPX compressed executables.
This can be exploited to cause a buffer overflow when scanning a specially crafted UPX compressed executable file.
Successful exploitation may allow execution of arbitrary code or cause the system to crash, said Secunia.
The vulnerability reportedly affects all Trend Micro products that use the firm’s Scan Engine and Pattern File technology, which is most of its products.
Users can address the problem by updating to Trend Micro’s virus pattern file to 4.245.00 or higher.
Link to Trend Micro advisory
Comment on this article: firstname.lastname@example.org
David Lacey’s security blog
The latest ideas, best practices, and business issues associated with managing security