Trend Micro archive bug unearthed
Trend Micro is urging users of its anti-virus products to apply security updates following the discovery of a potentially serious security vulnerability in 29 of its products. The security bug - discovered by security researchers at ISS - involves flaws in the processing of ARJ archive files by an antivirus library that give rise to possible buffer overflow attacks. "Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by Trend Micro AntiVirus Library product," ISS warns.
Desktop, server and gateway versions of Trend's anti-virus scanners all need updating to version 7.510 of Trend's scan engine or higher because of the vulnerability. Several large vendors and ISP's use Trend Micro's AntiVirus Library in their products, which likewise need attention.
Update details are here. ISS's alert is here. Earlier this month ISS issued alerts over similar but distinct vulnerabilities involving 30 security packages from Symantec, involving the processing of UPX compressed files, and anti-virus products from F-Secure, again involving the handling of ARJ archive files. ®