TITLE: Trend Micro Products RAR Processing Denial Of Service SECUNIA ADVISORY ID: SA23321
VERIFY ADVISORY: http://secunia.com/advisories/23321/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: Trend Micro OfficeScan Corporate Edition 7.x http://secunia.com/product/5007/ Trend Micro PC-cillin Internet Security 2006 / 14.x http://secunia.com/product/8828/ Trend Micro ServerProtect for Windows/NetWare 5.x http://secunia.com/product/1153/ DESCRIPTION: A vulnerability has been reported in various Trend Micro products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the AntiVirus engine when processing RAR archive with "head_size" and "pack_size" header fields set to 0. This can be exploited to consume almost all CPU resources when scanning a specially crafted RAR archive. The vulnerability is reported in the following products (other versions may also be affected): * Trend Micro PC Cillin - Internet Security 2006 * Trend Micro Office Scan 7.3 * Trend Micro Server Protect 5.58 SOLUTION: Update to the latest version of the scan engine. ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
