Yet more vulnerabilities in major security products

Serious McAfee buffer overflow flaws join yet another Trend UPX issue.

Several vulnerabilities have been found in McAfee's ePolicy Orchestrator management tool, which could be exploited to gain remote access to systems running the software. Patches have been made available and users are advised to ensure they are applied as soon as possible. Several versions of EPO 3, as well as ProtectionPilot, are thought to be affected.

A researcher at Fortinet's security research team discovered the buffer overflow flaws in an ActiveX control used by the software, and reported them to McAfee in mid and late December 2006. The issues have been made public following the release of fixes, which can be found here. A detailed report, sent to Full-disclosure by the researcher who found the flaws, is here, and an alert from Secunia is here.

Trend Micro, already hit by a string of vulnerabilities in recent weeks, has suffered another problem in its anti-virus engine, which could cause a full system crash on exposure to a carefully crafted malicious file. The problem, caused by a divide-by-zero error in processing UPX compressed files, affects version 8 of the Trend engine, and while some systems may only lose service from the malware scanner, Windows users could suffer a 'Blue Screen of Death' (BSOD) crash of the whole operating system.

The flaw was reported via iDefense two weeks ago, and an update to pattern files was issued by Trend on Tuesday to rectify the error. The iDefense notification is here, and details from Trend are here.

15 March 2007

Tags: del.icio.us digg this