February 8, 2007 10:04 AM PST
Trend Micro flaw opens PCs to takeover
The flaw in its antivirus scan engine could be used to trigger a buffer overflow using a corrupted UPX file, the software maker said in an advisory issued earlier this week. For example, an outsider could send an e-mail with the malicious file to a computer loaded with the affected antivirus software.
As a result, the PC could suffer a "blue screen of death" or allow the attacker to remotely execute code and take control of the system, Trend Micro said.
Security companies such as Secunia have rated the flaw as "highly critical." There are no exploits for the vulnerability circulating yet, Trend Micro said.
The flaw affects all of Trend Micro's products that use its scan engine and pattern file technology, including its PC-cillin line and certain versions of Client Server Messaging Security for SMB. The at-risk software makes up a wide swath of its product line.
Experts have said that antivirus software is becoming more attractive as a target for hackers. In January, Symantec acknowledged that a known hole in its corporate antivirus tool was coming under persistent attack from worms.
Trend Micro credits iDefense Vulnerability Labs, which offers a bounty to bug hunters, for reporting the problem.
The antivirus software maker is advising customers to make sure the virus pattern file for their software is updated, either manually or via automatic updates, to pattern 4.245.00. It said that it will make enhancements to its scan engine and that it plans to apply a fix with its upcoming release of Scan Engine version 8.5.