- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Trend Micro <http://us.trendmicro.com/us/products/personal/antispyware/>
AntiSpyware is a spyware detection and removal application designed to
help protect home users computers, networks and account information.
Remote exploitation of buffer overflow vulnerability in Trend Micro Inc.'s
SSAPI Engine could allow attackers to execute arbitrary code with system
level privileges.
DETAILS
Vulnerable Systems:
* PC-Cillin Internet Security 2007 vstlib32.dll version 1.2.0.1012
Trend Micro products which include the VST functionality are vulnerable to
a stack-based buffer overflow in the vstlib32.dll library. This overflow
is triggered when an attacker creates a file on the local file system with
an overly long path. When vstlib32 receives the ReadDirectoryChangesW
callback notification from the Operating System, a stack based buffer
overflow will occur.
Analysis:
Exploitation allows attackers to execute arbitrary code with system level
privilege.
Exploitation requires that attackers are able to create a specially
constructed file path on the machine running the Trend Micro product. This
could be the local machine to gain SYSTEM level privileges, or could be
conducted remotely by writing a file to an accessible network share.
Vendor response:
Trend Micro has addressed this vulnerability by releasing a HotFix. For
more information consult their Knowledge Base article at the following
URL:
<http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845> http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3873>
CVE-2007-3873
Disclosure timeline:
07/12/2007 - Initial vendor notification
07/16/2007 - Initial vendor response
08/20/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
6 comments:
Hi there, I wish for to subscribe for this website
to take newest updates, so where can i do it
please assist.
my web blog Ultra Slim Patch Diet
I loved as much as you'll receive carried out right here. The sketch is tasteful, your authored material stylish. nonetheless, you command get got an shakiness over that you wish be delivering the following. unwell unquestionably come further formerly again as exactly the same nearly very often inside case you shield this increase.
My blog post :: Ultra Slim Patch Weight Loss Program
It's going to be finish of mine day, but before end I am reading this great piece of writing to increase my know-how.
Feel free to surf to my web page - acai ultra lean review
Hello this is kind of of off topic but I was wanting to know if blogs use
WYSIWYG editors or if you have to manually code with HTML.
I'm starting a blog soon but have no coding knowledge so I wanted to get advice from someone with experience. Any help would be enormously appreciated!
my web site; 100 Day Loans Online
Pretty section of content. I just stumbled upon your blog and
in accession capital to assert that I get in fact enjoyed account
your blog posts. Anyway I'll be subscribing to your feeds and even I achievement you access consistently fast.
Also visit my site: Blast xl Suppleement
Hello, after reading this awesome paragraph i am also cheerful to share my knowledge here with mates.
Feel free to visit my blog ... make money from home
Post a Comment