Trend Micro Warns of Scan Engine Vulnerability

Anti-virus (AV) specialist Trend Micro Inc. last week warned of a flaw in its AV scanning engine that could result in denial-of-service (DoS) or system takeover.

The flaw affects a variety of products, including Trend Micro's InterScan Messaging Security Suite, InterScan VirusWall, InterScan Web Security Suite, OfficeScan and ServerProtect offerings. Trend Micro's consumer offerings -- such as Trend Micro Antivirus and PC-cillin -- are also affected, officials said.

The vulnerability stems from a corrupted UPX file in Trend Micro's scan engine. An attacker who successfully exploits it can cause a buffer overflow and trigger a Windows Blue Screen of Death (BSOD) or -- more dangerous still -- potentially execute arbitrary code on the compromised system. In the latter scenario, officials concede, an attacker could take control of the system.

The vulnerability was first reported by iDefense Vulnerability Labs, a security researcher based in Sterling, Virginia.

According to iDefense researchers, the flaw can be exploited by means of common protocols, such as SMTP, HTTP or FTP; nor must an attacker successfully authenticate to be able to exploit the vulnerability, iDefense says.

The worst-case scenario -- remote execution of arbitrary code -- stems from the fact that (in Windows environments) the Trend Micro scan engine runs in the kernel context. Under Linux, the engine runes as a daemon with superuser privileges, iDefense researchers say. The upshot, in any case, is severe: an attacker can take complete control of a compromised system, assuming she's first able to successfully execute her malicious payload.

Trend Micro advises customers to update their virus pattern files to 4.245.00. It also plans to incorporate a fix into its upcoming Scan Engine version 8.5 release. In addition, Trend Micro officials say, the AV specialist also distributes a fix for the flaw via its automatic update feature.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


comments powered by Disqus

Subscribe on YouTube