February 25, 2005

Trendmicro security flawed

by brian_turner

Trendmicro has become the third security vendor to be warned by Internet Security Systems that its code could execute malicious programs, rather than remove them.

As reported in Take three: Antivirus apps could spread infection, this follows on earlier discoveries that Symantec and F-Secure software was also vulernable to the same issue, as reported here in Security companies patch serious flaws.

According to CNET:

The vulnerability affects Trend Micro’s Antivirus Library, a common set of code used by at least 29 Trend Micro products, according to separate advisories posted on Trend Micro’s Web site on Wednesday and on ISS’ site on Thursday. An attacker could create a program that exploits the security hole, causing the antivirus program to run a virus instead of blocking the malicious program, the companies said.

“Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by Trend Micro Antivirus Library products,” ISS said in its advisory.

Trendmicro have now released an advisory for the update of it’s products here: Vulnerability in VSAPI ARJ parsing could allow Remote Code execution.

Story link: Trendmicro security flawed

Add to Bookmarks:

 

 

 

• Recent Posts

  • Windows 7 SP1 just a minor update
  • Commodore 64 is reborn
  • Small businesses at greatest risk from cyber crime
  • 26% of UK youngsters have tried hacking
  • Whitevector maps social media for marketing and brand management

• Most read today

  • Forum admins warned on new wave of spam
  • How Google destroyed $1 billion of United Airlines
  • How to combat spam on vbulletin forums
  • Hurricane on Wall St: Lehman bust; Merrill bought
  • Basic install and optimisation of a vbulletin forum