February 24, 2005 3:22 PM PST
Take three: Antivirus apps could spread infection
The vulnerability affects Trend Micro's Antivirus Library, a common set of code used by at least 29 Trend Micro products, according to separate advisories posted on Trend Micro's Web site on Wednesday and on ISS' site on Thursday. An attacker could create a program that exploits the security hole, causing the antivirus program to run a virus instead of blocking the malicious program, the companies said.
"Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by Trend Micro Antivirus Library products," ISS said in its advisory.
The flaw is similar to those found in antivirus software from Symantec and F-Secure. Because it's a library flaw, it adds up to a broad vulnerability in Trend Micro products that could be exploited to automatically run a malicious program. The flaw is caused by a memory error known as a heap overflow.
It affects not only Trend Micro applications on Windows systems, but also the company's software running on Linux, Solaris and other Unix-like operating systems.
"We looked at the issue, we verified it and found it to be true," said Joe Hartmann, North American director of antivirus research for Trend Micro. "We created a solution to it in a couple of days and...alerted our customers about the problem."
Among the products that are affected by the problem are various versions of Trend Micro InterScan, Trend Micro ScanMail and Trend Micro ServerProtect.
Trend Micro's advisory recommends that customers update their antivirus software to version 7.510, which fixes the problem.
ISS dealt with a flaw in its own security products nearly a year ago. The subsequent Witty worm exploited the security hole to spread to a modest number of computers on the Internet. A representative of ISS could not immediately be reached for comment.