Bugtraq: Bypassing OfficeScan Trend Micro AV
Related Files:
iDefense Security Advisory 10.25.07 - Local exploitation of a buffer overflow vulnerability within Tmxpflt.sys, as included with Trend Micro Inc.’s AntiVirus engine, could allow an attacker to execute arbitrary code in kernel context. iDefense Labs has confirmed the existence of this vulnerability in the following Trend Micro products: Trend Micro’s PC-Cillin Internet Security 2007, Tmxpflt.sys version 8.320.1004 and 8.500.0.1002. All products using Trend Micro’s scan engine, such as Trend Micro ServerProtect and Trend Micro OfficeScan, are also suspected to be vulnerable. Related CVE Number: CVE-2007-4277. Homepage: http://www.idefense.com/. Authored By Ruben Santamarta
iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.’s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the relay.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well. Related CVE Number: CAN-2005-1929. Homepage: http://www.idefense.com/.
iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.’s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the isaNVWRequest.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well. Related CVE Number: CAN-2005-1929. Homepage: http://www.idefense.com/.
iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a denial of service vulnerability in Trend Micro Inc.’s ServerProtect EarthAgent daemon allows attackers to cause the target process to consume 100% of available CPU resources. The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value \x21\x43\x65\x87 targeting TCP port 5005. A memory leak also occurs with each received exploit packet, allowing an attacker to exhaust all available memory resources with repeated attacks. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well. Related CVE Number: CAN-2005-1928. Homepage: http://www.idefense.com/. Authored By Pedram Amini
iDefense Security Advisory 07.16.07 - Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.’s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User. The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur. iDefense has confirmed this vulnerability in OfficeScan 7.3 with all current patches applied. Testing has shown that this attack can be conducted by requesting multiple CGI binaries that make use of the shared library. Other versions are suspected to be vulnerable. Related CVE Number: CVE-2007-3454. Homepage: http://www.idefense.com/.
iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.’s OfficeScan for Windows could allow attackers to log in to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe, which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and an empty hash, it proceeds to issue the client a valid session id, which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected. Related CVE Number: CVE-2007-3455. Homepage: http://www.idefense.com/. Authored By David Maciejak
Secunia Security Advisory - A vulnerability has been reported in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system. Homepage: http://secunia.com/advisories/24193/
Secunia Security Advisory - A vulnerability has been reported in Trend Micro OfficeScan Corporate Edition, which can be exploited by malicious people to potentially compromise a user’s system. Homepage: http://secunia.com/advisories/22224/
iDEFENSE Security Advisory 12.14.05 - Local exploitation of an insecure permission vulnerability in multiple Trend Micro Inc. products allows attackers to escalate privileges or disable protection. The vulnerabilities specifically exist in the default Access Control List (ACL) settings that are applied during installation. When an administrator installs an affected Trend Micro product, the default ACL allows any user to modify the installed files. Because some of the programs run as system services, a user could replace an installed Trend Micro product file with their own malicious code, and the code would be executed with system privileges. iDefense has confirmed the existence of this vulnerability in Trend Micro PC-Cillin Internet Security 2005 version 12.00 build 1244. It is suspected that previous versions are also vulnerable. It has been reported that InterScan VirusWall, InterScan eManager and Office Scan are also vulnerable. Related CVE Number: CAN-2005-3360. Homepage: http://www.idefense.com/.
Secunia Security Advisory - Some vulnerabilities have been reported in Trend Micro OfficeScan Corporate Edition, which can be exploited by malicious people to cause a DoS (Denial of Service) or delete arbitrary files on a vulnerable system. Homepage: http://secunia.com/advisories/22156/