Security software and appliance firm ISS has reported a flaw in anti-virus software from Trend Micro that could allow hackers to enter company networks and steal data from PCs and servers.
Trend Micro has confirmed the problem, which affects its Windows, Unix and Linux security solutions.
ISS and Trend Micro have made available patches for the hole. The problem relates to an opening in Trend Micro’s AntiVirus Library which is used by firms to protect PCs, servers, and network gateways.
A number of third-party security appliance companies also use Trend Micro software on their bundled security hardware solutions.
ISS said that by crafting an ARJ file for the Trend software, an attacker can trigger a "heap overflow" within the AntiVirus Library. The overflow allows a hacker to move in and take control of systems.
The ISS patch is available from:
The Trend Micro advisory is available from: