Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. The Tokyo-based antivirus firm has released a patch and hotfix to address the problems.
Trend Micro ServerProtect, an antivirus application designed specifically for servers, is prone to several security holes, including an interger overflow flaw that's exploitable over RPC, according to the
The problems affect ServerProtect 5.58 Build 1176 and possibly earlier versions.
Meanwhile, Trend Micro Anti-Spyware and PC-cillin Internet contain stack buffer-overflow flaws where the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer, the vendor reported. The issue affects the 'vstlib32.dll' library of Trend Micro's SSAPI Engine. When the library processes a local file that has overly-long path data, it fails to handle a subsequent 'ReadDirectoryChangesW' callback notification from Microsoft Windows.
Attackers who exploit this could inflict the same type of damage as exploits against the ServerProtect flaws. Trend Micro Anti-Spyware for Consumers version 3.5 and PC-cillin Internet Security 2007 are affected.
Trend Micro has released a hotfix to address the problem.