=====================================================================
                          CERT-Renater

              Information Note No. 2007/VULN034
_____________________________________________________________________

DATE                 : 08/02/2007

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Trend Micro Antivirus products

======================================================================

[Vulnerability Confirmation] Antivirus UPX Parsing Kernel Buffer
Overflow Vulnerability

Solution ID: 1034289

A recent system upgrade added a '1' or '2' to old solution IDs. You can
find these solutions by removing or retaining the extra '1' or '2'.

Product: Scan Engine - 8.300, Scan Engine - 8.000
Operating System: N/A
Published: 2/6/07 5:18 AM

Problem:

Trend Micro has become aware of a vulnerability in its Scan Engine,
wherein a corrupted UPX file can cause a buffer overflow and lead to
either of the following:

  • Blue screen of death (BSOD)
  • Execution of arbitrary code that allows an attacker to take control
    of the system

It affects all Trend Micro products and versions using the Scan Engine
and Pattern File technology. A complete list of products is found in:

  • http://www.trendmicro.com/download/engine.asp
  • http://www.trendmicro.com/download/pattern.asp

Solution:

To address the vulnerability, update to virus pattern file 4.245.00 or
higher. This provides the following fixes:

  • Update of the UPX Parsing algorithm
  • Generic detection for malformed UPX files

Enhancements will also be applied on the Scan Engine and the fix will
be included in the upcoming release of version 8.5.

Reference:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289

======================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================