![]() ![]() "We looked at the issue, we verified it and found it to be true," said Joe Hartmann, North American director of antivirus research for Trend Micro. It affects not only Trend Micro applications on Windows systems, but also the company's software running on Linux, Solaris and other Unix-like operating systems. The flaw is caused by a memory error known as a heap overflow. Because it's a library flaw, it adds up to a broad vulnerability in Trend Micro products that could be exploited to automatically run a malicious program. The flaw is similar to those found in antivirus software from Symantec and F-Secure. "Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by Trend Micro Antivirus Library products," ISS said in its advisory. An attacker could create a program that exploits the security hole, causing the antivirus program to run a virus instead of blocking the malicious program, the companies said. The vulnerability affects Trend Micro's Antivirus Library, a common set of code used by at least 29 Trend Micro products, according to separate advisories posted on Trend Micro's Web site on Wednesday and on ISS' site on Thursday. Internet Security Systems has found a flaw in Trend Micro's virus-scanning software-the third time this month that the security company has picked a hole in an antivirus product.
0 Comments
Leave a Reply. |