[20813] in bugtraq

Re: TrendMicro Interscan VirusWall RegGo.dll BOf

daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Wed May 30 15:10:16 2001

To: BUGTRAQ@securityfocus.com
From: Nobuo Miwa <n-miwa@lac.co.jp>
In-Reply-To: <200105190215.AHG87031.BOX-JN@lac.co.jp>
Message-Id: <200105301319.JIB82823.BXONJ-@lac.co.jp>
Date: Wed, 30 May 2001 13:19:05 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Hi,

> This is a Buffer Overflow vulnerability in Trend Micro
> InterScan VirusWall for NT 3.5.
> RegGo.dll is the one.

There is the same buffer overflow in VirusWall for Japanese.
Any code sent with the request will be executed remotely as "SYSTEM".
I reported it to the Trend Micro Japan office, and they
fixed it within 24 hours and published a support news item.

Support news in Japanese:
http://www.trendmicro.co.jp/support/news/news71.htm

Users of ver.3.51J need to replace RegGo.dll with the fixed
version that will be included in ver.3.52J,
or allow access to 80/TCP only to administrators.

Fixed RegGo.dll download site:
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=2694

Here is a piece of the test program:
	for ( i=0 ; i<820 ; i++ )
		sc[i] = 'a' ;
	sc[i++] = 0x15 ;
	sc[i++] = 0xAD ;
	sc[i++] = 0xEE ;
	sc[i++] = 0x77 ;
	sc[i++] = 0xCC ;	// any code will be executed

Our advisory:
http://www.lac.co.jp/security/english/test/interscan.html


Nobuo Miwa
n-miwa@lac.co.jp    ( @ @ )  http://www.lac.co.jp/security/
---------------o00o--(. .)--o00o---------------------------
