Risk: Medium
Trend Micro is urging users of its anti-virus products to apply security updates following the discovery of potentially serious security vulnerabilities in 29 of its products. The security bug involves flaws in the processing of ARJ archive files by an antivirus library that gives rise to possible buffer overflow attacks. Successful exploitation of this vulnerability could be used to gain unauthorised access to networks and machines being protected by Trend Micro AntiVirus Library product.
Desktop, server and gateway versions of Trend's anti-virus scanners all need updating to version 7.510 of Trend's scan engine or higher because of the vulnerability. Several large vendors and ISP's use Trend Micro's AntiVirus Library in their products, which likewise need attention.
Update details have been made available on Trend Micro’s web site. Trend Micro’s products are in a list of previous vendor applications to have been exploited via compressed archives, which includes Symantec and F-Secure.