Trend Micro squashes buffer overflow bug
Print storyMinor problem affects popular AV packages
Posted in Anti-Virus, 12th December 2002 09:28 GMT
Free whitepaper – Certify your software integrity with Thawte code signing certificates
Trend Micro has issued a fix to address buffer overflow vulnerabilities within popular versions of its anti-virus software packages.
The bug, within the POP3-proxy of PC-cillin and OfficeScan, came to light during evaluations of various antivirus products by Joel Soderberg of Swedish security firm Texonet last month.
Texonet contacted Trend regarding the problem and the AV vendor released a fix yesterday.
While buffer overflow vulnerabilities are always serious - particularly when they effect security software packages - the big mitigating factor her is that the flaw can only be exploited by a local intruder, according to Trend.
If a haXor has access to your machine, crashing AV packages as a means to introduce malicious code onto your box is probably the least of your problems. Trend describes the problem as minor and says none of its customers have reported being affected by the issues.
Nonetheless Trend recommends users apply its fix through applying a service pack (details of which can be found here.) ®
Free whitepaper – Vulnerability management buyer's checklist
The business case for application security
Reducing messaging and web security costs with managed services
Vulnerability management buyer's checklist
Extended Validation SSL Certificates
The best practices guide for application security
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive