iDefense reveals several Trend Micro flaws

News by Jim Carr

Security researchers at iDefense Labs have uncovered a number of exploitable buffer overflow vulnerabilities in two Trend Micro products.

Security researchers at iDefense Labs have uncovered a number of exploitable buffer overflow vulnerabilities in two Trend Micro products.

The vulnerabilities could allow remote users to execute code with system-level privileges on computers running the products, Trend Micro's anti-spyware software for desktop and notebook PCs and its ServerProtect anti-virus software for Windows and NetWare servers, according to an iDefense advisory.

iDefense said multiple boundary errors in the ServerProtect product can be exploited to cause stack-based buffer overflows in various ServerProtect services. In addition, iDefense said remote exploitation of an integer overflow vulnerability in Trend's ServerProtect anti-virus software could also allow attackers to execute code with system-level privileges.

The vulnerabilities impact a wide range of services within the ServerProtect product, according to iDefense. For instance, one of the boundary errors impacts ServerProtect's StRpcSrv.dll library, which handles remote-procedure call (RPC) requests on TCP port 5168.

iDefense also revealed a similar stack-based buffer overflow issue within Trend's desktop/notebook anti-spyware product. The overflow can be triggered when an attacker creates a file with an "overly long path."

Trend Micro has released a hot fix the problems, and more information is available in the company's Knowledge Base article here.

"We appreciate third-party researchers alerting us to product issues, and Trend Micro retains a long-standing reputation of providing our customer base with the patches necessary to keep them secure," a Trend Micro spokesman told SCMagazine.com.
Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events