Wednesday, August 22, 2007

[NT] Trend Micro SSAPI Long Path Buffer Overflow Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
------------------------------------------------------------------------


SUMMARY

Trend Micro <http://us.trendmicro.com/us/products/personal/antispyware/>
AntiSpyware is a spyware detection and removal application designed to
help protect home users computers, networks and account information.
Remote exploitation of buffer overflow vulnerability in Trend Micro Inc.'s
SSAPI Engine could allow attackers to execute arbitrary code with system
level privileges.

DETAILS

Vulnerable Systems:
* PC-Cillin Internet Security 2007 vstlib32.dll version 1.2.0.1012

Trend Micro products which include the VST functionality are vulnerable to
a stack-based buffer overflow in the vstlib32.dll library. This overflow
is triggered when an attacker creates a file on the local file system with
an overly long path. When vstlib32 receives the ReadDirectoryChangesW
callback notification from the Operating System, a stack based buffer
overflow will occur.

Analysis:
Exploitation allows attackers to execute arbitrary code with system level
privilege.

Exploitation requires that attackers are able to create a specially
constructed file path on the machine running the Trend Micro product. This
could be the local machine to gain SYSTEM level privileges, or could be
conducted remotely by writing a file to an accessible network share.

Vendor response:
Trend Micro has addressed this vulnerability by releasing a HotFix. For
more information consult their Knowledge Base article at the following
URL:
<http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845> http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3873>
CVE-2007-3873

Disclosure timeline:
07/12/2007 - Initial vendor notification
07/16/2007 - Initial vendor response
08/20/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586>

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

6 comments:

  1. Anonymous6:36 PM

    Hi there, I wish for to subscribe for this website
    to take newest updates, so where can i do it
    please assist.

    my web blog Ultra Slim Patch Diet

    ReplyDelete
  2. Anonymous11:07 AM

    I loved as much as you'll receive carried out right here. The sketch is tasteful, your authored material stylish. nonetheless, you command get got an shakiness over that you wish be delivering the following. unwell unquestionably come further formerly again as exactly the same nearly very often inside case you shield this increase.

    My blog post :: Ultra Slim Patch Weight Loss Program

    ReplyDelete
  3. Anonymous9:47 AM

    It's going to be finish of mine day, but before end I am reading this great piece of writing to increase my know-how.

    Feel free to surf to my web page - acai ultra lean review

    ReplyDelete
  4. Anonymous9:58 AM

    Hello this is kind of of off topic but I was wanting to know if blogs use
    WYSIWYG editors or if you have to manually code with HTML.
    I'm starting a blog soon but have no coding knowledge so I wanted to get advice from someone with experience. Any help would be enormously appreciated!

    my web site; 100 Day Loans Online

    ReplyDelete
  5. Anonymous2:36 PM

    Pretty section of content. I just stumbled upon your blog and
    in accession capital to assert that I get in fact enjoyed account
    your blog posts. Anyway I'll be subscribing to your feeds and even I achievement you access consistently fast.

    Also visit my site: Blast xl Suppleement

    ReplyDelete
  6. Anonymous10:31 AM

    Hello, after reading this awesome paragraph i am also cheerful to share my knowledge here with mates.


    Feel free to visit my blog ... make money from home

    ReplyDelete