A dangerous buffer-overflow flaw in Trend Micro anti-virus software products was reported by Trend Micro and confirmed by security researchers at iDefense Labs. Researchers at Secunia have also posted an advisory on this vulnerability and have deemed this to be highly critical. This flaw can be exploited in both Windows and Linux systems, and could be used to gain access to machines, cause DOS (denial of service) activity and allow attackers total control of affected systems.
Trend Micro responded to the vulnerability by pushing out a patch that a company spokesperson says fixes the issue. "We have seen no cases in the wild, but Trend Micro moved quickly on this because, like others, we understand the highly critical nature of this issue," a company representative told eWEEK. The vulnerability targets all scan engine and pattern file technology in Trend Micro products due to an error within UPX (ultimate packer for executables) compressed executables. This error can be exploited to cause buffer overflow processes when scanning a uniquely designed UPX file.