Security update from Trend Micro
Antivirus software manufacturer Trend Micro has published an update (exe. file) for its scan engine (PccScan.dll) which closes a security hole in some of its products. A memory error can cause the scanner to crash when scanning specially crafted ZIP or UUE format files. The person who reported the hole believes, however, that these files could also write and execute malicious code in memory.
Only the English language versions of Trend Micro AntiVirus and AntiSpyware 2008, Trend Micro Internet Security 2008 and Trend Micro Internet Security Pro 2008 are affected. According to Trend Micro, the vulnerability does not exist in PC-cillin Internet Security 14.x and 15.x or in Trend Micro AntiVirus 15.x.
- Trend Micro Antivirus plus AntiSpyware 2008 UUE Decoding Format String Vulnerability, vulnerability report from Trend Micro
- TrendMicro AntiVirus UUE Processing Vulnerability , vulnerability report from Nevis Labs
(mba)