CVE-2007-6386

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Trend Micro Antivirus Plus Antispyware; Trend Micro Internet Security Pro; Trend Micro Internet Security Virus Bust
Vendor: CVE Published:; 15 December 2007

Summary

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

References

http://secunia.com/advisories/28038

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/4191

vdb-entryx_refsource_VUPEN

http://esupport.trendmicro.com/support/viewxml.do?Content...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2007
Vulnerability Reserved
Dec 14, 2007