Researchers Find Hole in Trend Micro AntiVirus Library

A critical flaw has been discovered in Trend Micro's AntiVirus Library, which is used by all the company's desktop, server, and gateway security products.

The library is also used by ISPs and e-mail services such as Hotmail, and in third-party security products that use licensed versions of the antivirus software, greatly widening the scope of the new alert. Trend Micro's full list of affected products runs to 30.

According to the company advisory, the problem lies with the way the library handles files compressed using the ARJ standard. "Thus, it is possible to create a specially crafted ARJ archive file that overwrites data after the allocated 512-byte buffer. This specially crafted file could possibly execute an arbitrary code," continues the warning, a technically accurate but opaque way of saying that virus code could in certain circumstances be hidden inside an archive file and not be detected.
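The class of bug the advisory describes, shown as an added example that is not Trend Micro's code: a NUL-terminated field read from an untrusted archive header is copied into a fixed 512-byte heap buffer, first without and then with bounds checks. The field layout, function names and sample inputs are assumptions made for illustration, not taken from the ARJ format or the advisory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 512  /* fixed buffer size quoted in the advisory */

/* Unsafe pattern: trusts the file to terminate the field within 512 bytes,
 * so a longer field overwrites whatever follows dst on the heap. */
void copy_field_unsafe(char *dst, const unsigned char *field)
{
    strcpy(dst, (const char *)field);
}

/* Hardened: bounded by the bytes actually left in the input (avail) and by
 * the destination size. Returns 0 on success, -1 for a malformed field. */
int copy_field_checked(char *dst, size_t dst_len,
                       const unsigned char *field, size_t avail)
{
    const unsigned char *nul = memchr(field, 0, avail);
    if (nul == NULL)
        return -1;                      /* unterminated: runs off the input */
    size_t n = (size_t)(nul - field);
    if (n >= dst_len)
        return -1;                      /* no room for data plus terminator */
    memcpy(dst, field, n + 1);
    return 0;
}

/* Builds a constructed field of name_len 'A' bytes (hypothetical input) and
 * runs the checked copy on it. Returns the copy result, -2 on a mismatch. */
int check_constructed_field(size_t name_len, int terminated)
{
    size_t avail = name_len + (terminated ? 1 : 0);
    unsigned char *field = malloc(avail ? avail : 1);
    char *dst = malloc(NAME_BUF);
    int rc = -1;
    if (field != NULL && dst != NULL) {
        memset(field, 'A', name_len);
        if (terminated)
            field[name_len] = 0;
        rc = copy_field_checked(dst, NAME_BUF, field, avail);
        if (rc == 0 && strlen(dst) != name_len)
            rc = -2;
    }
    free(field);
    free(dst);
    return rc;
}
```

A scanner that gets -1 back should treat the archive as malformed and stop parsing that header rather than truncate the field and continue.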

Hole Patrol

The flaw was discovered by security company Internet Security Systems, which two weeks ago reported a very similar hole in the antivirus library used by a large number of Symantec security products. That too related to the possibility of exploiting a heap overflow in compressed files, which suggests that ISS researchers are systematically looking into such vulnerabilities.

ISS has had its own security issues in the last year, being on the receiving end last March of the Witty worm that specifically targeted its Black Ice intrusion prevention system.

Full details of the current vulnerability can be found by visiting the Trend Micro website.
