Error in Trend Micro's virus scanner brings Windows to a standstill
A flaw in Trend Micro's antivirus products for Windows will not only cause a scan of modified files to crash – but will bring Windows down with it. According to iDefense, this is caused by a division by zero in the kernel driver VsapiNT.sys, which the scanner uses to check files in various formats. When parsing files in the UPX format, an integer value defined in the file is used as a divisor. As an attacker is free to define that value himself, he can thereby trigger a Windows Blue Screen of Death (BSOD).
The error affects Scan Engine 8.0 and 8.3, which are to be found in numerous Trend Micro products. These include not only desktop products such as PC-cillin, but also server products and gateway scanners such as InterScan and ScanMail. A gateway processing a mail with a malicious attachment is all it takes for an attack to succeed.
Trend Micro has made updates available that fix the problem. The updates are already being distributed automatically.
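The flaw class described above, a divisor taken straight from the file being parsed, is avoided by validating the field before it reaches the division. The following C code is an added example, not Trend Micro's or iDefense's code; the 8-byte header layout and all names in it are constructed for illustration and are not the real UPX format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed 8-byte header (assumption, NOT the real UPX layout):
 *   bytes 0..3  total_size  little-endian uint32, payload bytes that follow
 *   bytes 4..7  block_size  little-endian uint32, fully file-controlled */
#define HDR_LEN 8

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_FIELD = -2 };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of blocks the file claims to hold, rounded up.
 * Every file-supplied value is checked before it is used; in a kernel
 * driver an unhandled divide fault stops the whole system, so a bad
 * field must end in an error code, never in the '/' operator. */
int block_count(const uint8_t *buf, size_t len, uint32_t *out) {
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return PARSE_TRUNCATED;
    uint32_t total = read_le32(buf);
    uint32_t block = read_le32(buf + 4);
    if (block == 0)                 /* divisor of zero: reject the file */
        return PARSE_BAD_FIELD;
    if (total > len - HDR_LEN)      /* claims more payload than is present */
        return PARSE_BAD_FIELD;
    *out = total / block + (total % block != 0);
    return PARSE_OK;
}

int main(void) {
    /* Constructed samples: 10 payload bytes; the second sets block_size to 0. */
    uint8_t good[HDR_LEN + 10] = {10, 0, 0, 0, 4, 0, 0, 0};
    uint8_t bad[HDR_LEN + 10]  = {10, 0, 0, 0, 0, 0, 0, 0};
    uint32_t n = 0;
    int rc = block_count(good, sizeof good, &n);
    printf("good: status=%d blocks=%u\n", rc, (unsigned)n);
    rc = block_count(bad, sizeof bad, &n);
    printf("bad:  status=%d (file rejected, no division performed)\n", rc);
    return 0;
}
```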
- Blue Screen of Death (BSOD) and product exception in Trend Micro Scan Engines, vulnerability report by Trend Micro
- Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability, vulnerability report by iDefense