Trend Micro <http://www.trendmicro.com/> / <http://www.antivirus.com/> offer a free malware cleanup tool named "HouseCall 7.1" for Windows: <http://housecall.trendmicro.com/> <http://go.trendmicro.com/housecall7/HousecallLauncher.exe> <http://go.trendmicro.com/housecall7/HousecallLauncher64.exe>
Versions of this "security" product before the current build 1078 from 2010-08-30, published 2010-09-06 (according to HTTP timestamp), came with outdated and vulnerable OpenSource components: 1. libcurl.dll: version 7.19.0 from 2008-09-01 updated 10 times since, at least 3 times due to vulnerabilities; see <http://curl.haxx.se/> and <http://curl.haxx.se/docs/security.html> 2. ssleay32.dll and libeay32.dll: version 0.9.8i from 15.2008-09-15 updated 5 times since due to vulnerabilities; see <http://openssl.org/news/> and <http://openssl.org/news/vulnerabilities.html> 3. bzip2.exe: version 1.0.2 gets downloaded upon start, updated 3 times since then due to vulnerabilities; see <http://www.bzip.org/downloads.html> Users who downloaded this "security" product before 2010-09-07 should get a new copy ASAP! Stefan Kanthak Timeline: 2010-07-08: informed vendor support no reaction 2010-07-15: informed vendor sales department 2010-07-16: reply from vendor: will forward to product manager 2010-07-21: reply from vendor: service engineering team now in charge 2010-08-26: sent status request to vendor 2010-08-26: reply from vendor: will request status from product manager no more reaction 2010-09-06: silently fixed 2010-09-16: report published _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
