=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2007/VULN511
_____________________________________________________________________

DATE                      : 13/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Trend Micro AntiVirus plus
                             AntiSpyware- 2008, Trend Micro Internet
                             Security - 2008, Trend Micro Internet
                             Security Pro - 2008

======================================================================
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
______________________________________________________________________

Trend Micro Antivirus plus AntiSpyware 2008 UUE Decoding Format String 
Vulnerability

Solution ID: 	1036464

Product: 	Trend Micro AntiVirus plus AntiSpyware - 2008, Trend Micro 
Internet Security - 2008, Trend Micro Internet Security Pro - 2008

Operating System: 	Windows Vista, Windows XP - SP2

Published: 	12/12/07 10:58 AM

Problem: 	

While parsing the .uue file TrendMicro Antivirus plus AntiSpyware 2008 
does not properly check the value of certain field thus resulting into a 
remote memory corruption. When certain fields of the .uue file contains 
a format string the "Trend Micro Central Control Component" Service will 
crash.
Solution: 	

The TIS16 module PccScan.dll cannot handle long bogus file names from 
malformed ZIP files and causes the program to terminate.


This was first reported by SoWhat from Nevis Labs.


This vulnerability only affects users with English Versions of TIS16 
(Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus 
Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) 
build #1450 and older.


TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet 
Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus 
AntiSpyware 2008) later builds starting from #1451 have already fixed 
this issue.


You can download the TIS16.0 English language security patch here.


Other local language (French, German, Italian, Spanish, Danish, Dutch, 
Norwegian, Swedish) versions of Trend Micro Internet Security including 
EMEA/APAC/JP GM packages have already included this modification so 
there is no need to apply the patch.


PC-cillin Internet Security 14.x/15.x/TAV15.x does not have this 
vulnerability.

======================================================================

           =========================================================
           Les serveurs de re'fe'rence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================