Tokyo-based antivirus vendor Trend Micro has issued a patch for a vulnerability in its antivirus scanning products, which could crash a user's system or allow remote execution of arbitrary code. The vulnerability affects all Trend Micro products that use its Scan Engine.
The vulnerability occurs when the Scan Engine parses a malformed UPX (executable packer) file. Specially crafted UPX files can trigger a buffer overflow that can lead to a blue screen of death (BSOD), causing denial of service (DoS) or the execution arbitrary code that allows an attacker to take control of the system.
All Trend Micro products that use Scan Engine and Pattern File technology are vulnerable, including PC-cillin, OfficeScan, PortalProtect, InterScan, and ScanMail. The French Security Incident Response Team (FrSIRT) and vulnerability clearinghouse Secunia rate the vulnerability as critical.
Trend Micro recommends updating to virus pattern file 4.245.00 or higher. This includes an update of the UPX parsing algorithm as well as generic detection for malformed UPX files. The fix will be included in the upcoming release of version 8.5.
Flaws found in Firefox
Beyond Security Inc.'s SecuriTeam research group has reported two vulnerabilities in the Firefox browser from Mozilla. The first vulnerability, in its pop-up blocker, can allow an attacker to execute arbitrary code on the target system. The second vulnerability, in its phishing protection tool, fools the browser into accepting phishing sites.
With the pop-up blocker vulnerability, if a user chooses to allow a pop-up, that grants access to local files. Malicious users can plant specially crafted files for the browser to open, allowing execution of arbitrary code. This vulnerability is known to occur in Firefox version 22.214.171.124.
With the phishing protection issue, links to known phishing sites that contain extra "" symbols after the domain are not recognized as phishing sites. A user who clicks on such a link will open a known phishing site without being warned. This vulnerability is known to occur in Firefox 126.96.36.199.
As of Thursday, Mountain View, Calif.-based Mozilla has not published advisories for these vulnerabilities.