Stack-based Buffer Overflow in Trend Micro AntiVirus and Internet Security Products
CVE-2007-6386

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Trend Micro Antivirus Plus Antispyware; Trend Micro Internet Security Pro; Trend Micro Internet Security Virus Bust
Vendor: CVE Published:; 15 December 2007

Summary

A stack-based buffer overflow vulnerability exists in PccScan.dll prior to build 1451 of Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008. This flaw can be exploited when a user is tricked into processing a specially crafted .zip file with an excessively long name, potentially leading to a denial of service through a crash of the SfCtlCom.exe process. Additionally, local users may exploit this vulnerability to gain elevated privileges, posing a significant security risk to affected systems.

References

http://secunia.com/advisories/28038

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/4191

vdb-entryx_refsource_VUPEN

http://esupport.trendmicro.com/support/viewxml.do?Content...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2007
Vulnerability Reserved
Dec 14, 2007