[NT] Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 22 Aug 2007 11:08:41 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
------------------------------------------------------------------------
SUMMARY
Trend Micro <http://us.trendmicro.com/us/products/personal/antispyware/>
AntiSpyware is a spyware detection and removal application designed to
help protect home users computers, networks and account information.
Remote exploitation of buffer overflow vulnerability in Trend Micro Inc.'s
SSAPI Engine could allow attackers to execute arbitrary code with system
level privileges.
DETAILS
Vulnerable Systems:
* PC-Cillin Internet Security 2007 vstlib32.dll version 1.2.0.1012
Trend Micro products which include the VST functionality are vulnerable to
a stack-based buffer overflow in the vstlib32.dll library. This overflow
is triggered when an attacker creates a file on the local file system with
an overly long path. When vstlib32 receives the ReadDirectoryChangesW
callback notification from the Operating System, a stack based buffer
overflow will occur.
Analysis:
Exploitation allows attackers to execute arbitrary code with system level
privilege.
Exploitation requires that attackers are able to create a specially
constructed file path on the machine running the Trend Micro product. This
could be the local machine to gain SYSTEM level privileges, or could be
conducted remotely by writing a file to an accessible network share.
Vendor response:
Trend Micro has addressed this vulnerability by releasing a HotFix. For
more information consult their Knowledge Base article at the following
URL:
<http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845> http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3873>
CVE-2007-3873
Disclosure timeline:
07/12/2007 - Initial vendor notification
07/16/2007 - Initial vendor response
08/20/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@xxxxxxxxxxxx> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [TOOL] SSHatter - SSH Password Brute Forcer
- Next by Date: [NT] Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
- Previous by thread: [TOOL] SSHatter - SSH Password Brute Forcer
- Next by thread: [NT] Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
- Index(es):
Relevant Pages
|
|
