Yet more vulnerabilities in major security products

Posted by   Virus Bulletin on   Mar 15, 2007

Serious McAfee buffer overflow flaws join yet another Trend UPX issue.

Several vulnerabilities have been found in McAfee's ePolicy Orchestrator management tool, which could be exploited to gain remote access to systems running the software. Patches have been made available and users are advised to ensure they are applied as soon as possible. Several versions of EPO 3, as well as ProtectionPilot, are thought to be affected.

A researcher at Fortinet's security research team discovered the buffer overflow flaws in an ActiveX control used by the software, and reported them to McAfee in mid and late December 2006. The issues have been made public following the release of fixes, which can be found here. A detailed report, sent to Full-disclosure by the researcher who found the flaws, is here, and an alert from Secunia is here.

Trend Micro, already hit by a string of vulnerabilities in recent weeks, has suffered another problem in its anti-virus engine, which could cause a full system crash on exposure to a carefully crafted malicious file. The problem, caused by a divide-by-zero error in processing UPX compressed files, affects version 8 of the Trend engine, and while some systems may only lose service from the malware scanner, Windows users could suffer a 'Blue Screen of Death' (BSOD) crash of the whole operating system.

The flaw was reported via iDefense two weeks ago, and an update to pattern files was issued by Trend on Tuesday to rectify the error. The iDefense notification is here, and details from Trend are here.

Posted on 15 March 2007 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.