A vulnerability has been reported in Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges or potentially by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the SSAPI module in vstlib32.dll when processing path names. This can be exploited to cause a stack-based buffer overflow by e.g. creating a file with an overly long path name.
Successful exploitation allows execution of arbitrary code with SYSTEM privileges, but requires that the Venus Spy Trap (VST) functionality of SSAPI is enabled.
The vulnerability affects the following products:
* Trend Micro PC-cillin Internet Security 2007 15.0 - SSAPI version 18.104.22.1686
* Trend Micro PC-cillin Internet Security 2007 15.2 – SSAPI v22.214.171.1244
* Trend Micro PC-cillin Internet Security 2007 15.3 – SSAPI v126.96.36.1994
* Trend Micro PC-cillin Internet Security 2007 15.2 Patch – SSAPI v188.8.131.522
* Trend Micro AntiSpyware 3.5 - SSAPI v184.108.40.2066
Solution: Apply temporary hotfix until official patches are released, which will reportedly be available via the Trend Micro ActiveUpdate servers on September 10, 2007.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org