|
Trend Micro Products SSAPI Module Long Path Processing Buffer Overflow
|
|
Secunia Advisory:
|
SA26557
|
|
|
Release Date:
|
2007-08-22
|
|
Popularity:
|
6,993 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Privilege escalation
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | Trend Micro Anti-Spyware 3.x
Trend Micro PC-cillin Internet Security 2007
|
|
|
Binary Analysis:
|
BA210 :: Available for 1 Credit 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-3873
|
|
Description:
A vulnerability has been reported in Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges or potentially by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the SSAPI module in vstlib32.dll when processing path names. This can be exploited to cause a stack-based buffer overflow by e.g. creating a file with an overly long path name.
Successful exploitation allows execution of arbitrary code with SYSTEM privileges, but requires that the Venus Spy Trap (VST) functionality of SSAPI is enabled.
The vulnerability affects the following products:
* Trend Micro PC-cillin Internet Security 2007 15.0 - SSAPI version 5.0.0.1066
* Trend Micro PC-cillin Internet Security 2007 15.2 – SSAPI v5.0.0.1074
* Trend Micro PC-cillin Internet Security 2007 15.3 – SSAPI v5.2.0.1004
* Trend Micro PC-cillin Internet Security 2007 15.2 Patch – SSAPI v5.2.0.1012
* Trend Micro AntiSpyware 3.5 - SSAPI v5.0.0.1066
Solution:
Apply temporary hotfix until official patches are released, which will reportedly be available via the Trend Micro ActiveUpdate servers on September 10, 2007.
Trend Micro PC-cillin Internet Security 2007:
ftp://conftpuser:consumer-trend@ftp-d...c_2007_1530_win_en_ssapi_5_2_1028.exe
Trend Micro Anti-Spyware for Consumer 3.5:
* 32-bit OS
ftp://conftpuser:consumer-trend@ftp-d...fix/ssapi_52_win_en_hfb1028_32bit.exe
* 64-bit OS
ftp://conftpuser:consumer-trend@ftp-d...fix/ssapi_52_win_en_hfb1028_64bit.exe
Provided and/or discovered by:
Discovered by Ismael Briones and reported via iDefense Labs.
Original Advisory:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035845
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
