There was a new vulnerability in Trend Micro’s suite of products announced yesterday. This is a remote UPX problem that can result in a denial of service.
From Secunia:
Description:
A vulnerability has been reported in Trend Micro products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a divide-by-zero error within the anti-virus engine when processing UPX compressed executables. This can be exploited to e.g. crash the system (Windows-based system) or application (library-based engine) when scanning a specially crafted UPX compressed executable file.
The vulnerability reportedly affects all Trend Micro products that use Scan Engine version 8.0 and above with Pattern File technology.
Solution:
Update the virus pattern file to OPR 4.335.00 or higher.
Tags: Trend Micro, Vulnerability, Remote Attack, Denial of Service
