VID |
28115 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
According to its version, the Trend Micro scan engine on the remote host has a heap overflow vulnerability in its ARJ handling functions. Trend Micro products that use a Scan Engine version prior to VSAPI 7.510 are vulnerable to a heap-based buffer overflow caused by improper bounds checking when handling ARJ archives. An attacker can exploit this vulnerability to execute arbitrary code on the affected host. The vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an e-mail containing a crafted ARJ file that is processed by the Trend Micro AntiVirus Library on client, server, and gateway implementations. Additional attack vectors exist over other common protocols (e.g. HTTP, FTP, POP3), but some may require user interaction.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.kb.cert.org/vuls/id/107822, http://xforce.iss.net/xforce/alerts/id/189, http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution
* Platforms Affected: Trend Micro products that use a Scan Engine version prior to VSAPI 7.510; Microsoft Windows, any version |
Recommendation |
Upgrade your scan engine to VSAPI 7.510 or higher, available from Trend Micro's 'Scan Engine Updates' Web site at http://www.trendmicro.com/download/engine.asp |
Related URL |
CVE-2005-0533 (CVE) |
Related URL |
12643 (SecurityFocus) |
Related URL |
19140 (ISS) |