Advertisement
Promo

Security threats Toolkit

ISS reveals cross-platform antivirus flaw

Published: 25 Feb 2005 09:55 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Internet Security Systems has found a flaw in Trend Micro's virus-scanning software -- the third time this month that the security company has picked a hole in an antivirus product.

The vulnerability affects Trend Micro's Antivirus Library, a common set of code used by at least 29 Trend Micro products, according to separate advisories posted on Trend Micro's Web site on Wednesday and on ISS' site on Thursday. An attacker could create a program that exploits the security hole, causing the antivirus program to run a virus instead of blocking the malicious program, the companies said.

"Successful exploitation of this vulnerability could be used to gain unauthorised access to networks and machines being protected by Trend Micro Antivirus Library products," ISS said in its advisory.

The flaw is similar to those found in antivirus software from Symantec and F-Secure. Because it's a library flaw, it adds up to a broad vulnerability in Trend Micro products that could be exploited to automatically run a malicious program. The flaw is caused by a memory error known as a heap overflow.

It affects not only Trend Micro applications on Windows systems, but also the company's software running on Linux, Solaris and other Unix-like operating systems.

"We looked at the issue, we verified it and found it to be true," said Joe Hartmann, North American director of antivirus research for Trend Micro. "We created a solution to it in a couple of days and... alerted our customers about the problem."

Among the products that are affected by the problem are various versions of Trend Micro InterScan, Trend Micro ScanMail and Trend Micro ServerProtect.

Trend Micro's advisory recommends that customers update their antivirus software to version 7.510, which fixes the problem.

ISS dealt with a flaw in its own security products nearly a year ago. The subsequent Witty worm exploited the security hole to spread to a modest number of computers on the Internet. A representative of ISS could not immediately be reached for comment.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
110 out of 193 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters