In association with heise online

16 March 2007, 11:36

Error in Trend Micro´s virus scanner brings Windows to a standstill

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A flaw in Trend Micro's antivirus products for Windows will not only cause a scan of modified files to crash – but will bring Windows down with it. According to iDefense this is caused by a division by zero in the kernel driver VsapiNT.sys, with which the scanner can check files in various formats. When parsing files in the UPX format, an integer value defined there is used as a divisor. As an attacker is free to define that value himself, he can thereby trigger a Windows Bluescreen of Death (BSOD).

The error affects Scan Engine 8.0 and 8.3, which are to be found in numerous Trend Micro products. These include not only desktop products such as PC-cillin, but also server products and gateway scanners such as InterScan and ScanMail. A gateway processing a mail with a malicious attachment is all it takes for an attack to succeed.

Trend Micro has made updates that remove the problem available. The updates are already being distributed automatically.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit