Vulnerabilities > CVE-2007-0851 - Buffer Overflow vulnerability in Trend Micro Antivirus UPX Compressed PE File
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Failed exploit attempts will likely cause a denial-of-service condition.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | TRENDMICRO_UPX_PARSING.NASL |
description | The remote host is running Trend Antivirus, a commercial antivirus software package for Windows. The scan engine of the remote antivirus is affected by a UPX file parsing vulnerability that could potentially allow an attacker to crash the scan engine or execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24681 |
published | 2007-02-21 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24681 |
title | Trend Micro UPX File Parsing Overflow |
code |
|
References
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289
- http://jvn.jp/jp/JVN%2377366274/index.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470
- http://osvdb.org/33038
- http://secunia.com/advisories/24087
- http://secunia.com/advisories/24128
- http://securitytracker.com/id?1017601
- http://securitytracker.com/id?1017602
- http://securitytracker.com/id?1017603
- http://www.jpcert.or.jp/at/2007/at070004.txt
- http://www.kb.cert.org/vuls/id/276432
- http://www.securityfocus.com/bid/22449
- http://www.vupen.com/english/advisories/2007/0522
- http://www.vupen.com/english/advisories/2007/0569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32352