Denial of Service Vulnerability in Trend Micro Products
CVE-2006-6458

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Pc Cillin - Internet Security 2006; Officescan; Serverprotect
Vendor: CVE Published:; 11 December 2006

Summary

A denial of service vulnerability exists in the Trend Micro scan engine used in multiple products, including PC Cillin - Internet Security, OfficeScan, and Server Protect. An attacker can exploit this vulnerability by sending a malformed RAR archive containing an Archive Header section with zeroed head_size and pack_size fields, leading to excessive CPU consumption and potential system hangs due to an infinite loop condition. Organizations using vulnerable versions should implement necessary security patches to mitigate the risk.

References

http://www.securityfocus.com/bid/21509

vdb-entryx_refsource_BID

http://secunia.com/advisories/23321

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/4918

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 11, 2006
Vulnerability Reserved
Dec 11, 2006