• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability

Severity: CRITICAL

Description:

The Trend Micro VSAPI scan engine library is prone to a heap-based buffer overflow vulnerability. This vulnerability may be triggered when the library processes a malformed ARJ archive.

The issue is due to insufficient bounds checking of main and header file names. When an ARJ archive is decompressed by the library, the file name is copied into a 512 byte buffer that has been allocated on the heap. If the file name exceeds 512 bytes, this may overwrite adjacent data structures. This may permit an attacker to corrupt various pointers on the heap, allowing for control of process execution flow. In this manner, it is possible to execute arbitrary code in the context of a vulnerable application. Exploitation may be complicated by character restrictions imposed by the library on the source data.

The vulnerability affects multiple Trend Micro products. It is also noted that multiple attack vectors exist, as affected software may scan ARJ files in email attachments, and through various file transfer protocols. Attacks against servers and clients are possible, though client-based attacks may require some amount of user-interaction.

Affected Products:

• Trend Micro Client/Server Suite for SMB for Windows
• Trend Micro Client/Server/Messaging Suite for SMB for Windows
• Trend Micro Control Manager AS/400
• Trend Micro Control Manager NetWare
• Trend Micro Control Manager S/390
• Trend Micro Control Manager Solaris
• Trend Micro Control Manager Win NT/2000
• Trend Micro Control Manager Windows
• Trend Micro InterScan Messaging Security Suite 3.81.0
• Trend Micro InterScan Messaging Security Suite 5.5.0
• Trend Micro InterScan Messaging Security Suite for Linux
• Trend Micro InterScan Messaging Security Suite for Solaris
• Trend Micro InterScan Messaging Security Suite for Windows
• Trend Micro InterScan VirusWall for AIX
• Trend Micro InterScan VirusWall for SMB
• Trend Micro InterScan VirusWall for SMB Linux
• Trend Micro InterScan VirusWall for SMB Windows NT
• Trend Micro InterScan VirusWall for Unix 3.0.1
• Trend Micro InterScan VirusWall for Unix 3.6.0 x
• Trend Micro InterScan VirusWall for Windows
• Trend Micro InterScan VirusWall for Windows NT 3.4.0
• Trend Micro InterScan VirusWall for Windows NT 3.5.0
• Trend Micro InterScan VirusWall for Windows NT 3.51.0
• Trend Micro InterScan VirusWall for Windows NT 3.52.0
• Trend Micro InterScan VirusWall for Windows NT 3.52.0 build 1466
• Trend Micro InterScan VirusWall for Windows NT 3.6.0
• Trend Micro InterScan VirusWall for Windows NT 5.1.0
• Trend Micro InterScan Web Security Suite for Linux
• Trend Micro InterScan Web Security Suite for Solaris
• Trend Micro InterScan Web Security Suite for Windows
• Trend Micro InterScan WebManager 1.2.0
• Trend Micro InterScan WebManager 1.2.0
• Trend Micro InterScan WebManager 2.0.0
• Trend Micro InterScan WebManager 2.1.0
• Trend Micro InterScan WebProtect for ISA
• Trend Micro InterScan eManager 3.5.0 For HP
• Trend Micro InterScan eManager 3.5.2 For Windows
• Trend Micro InterScan eManager 3.51.0
• Trend Micro InterScan eManager 3.51.0 j
• Trend Micro InterScan eManager 3.6.0 For Linux
• Trend Micro InterScan eManager 3.6.0 For Sun
• Trend Micro Interscan Viruswall (HP-UX) 3.6.0
• Trend Micro Interscan Viruswall (Linux) 3.0.1
• Trend Micro Interscan Viruswall (Linux) 3.6.0
• Trend Micro Interscan Viruswall (Solaris) 3.6.0
• Trend Micro OfficeScan Corporate Edition 3.0.0
• Trend Micro OfficeScan Corporate Edition 3.11.0
• Trend Micro OfficeScan Corporate Edition 3.13.0
• Trend Micro OfficeScan Corporate Edition 3.5.0
• Trend Micro OfficeScan Corporate Edition 3.54.0
• Trend Micro OfficeScan Corporate Edition 5.0.0 2
• Trend Micro OfficeScan Corporate Edition 5.5.0
• Trend Micro OfficeScan Corporate Edition 5.58.0
• Trend Micro OfficeScan Corporate Edition 6.5.0
• Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.0.0
• Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.1.1
• Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.11.0
• Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.13.0
• Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.5.0
• Trend Micro PC-cillin 2000
• Trend Micro PC-cillin 2002
• Trend Micro PC-cillin 2003
• Trend Micro PC-cillin 6.0.0
• Trend Micro PortalProtect 1.0.0
• Trend Micro ScanMail eManager
• Trend Micro ScanMail for Domino 2.51.0
• Trend Micro ScanMail for Domino 2.6.0
• Trend Micro ScanMail for Lotus Domino on AIX
• Trend Micro ScanMail for Lotus Domino on AS/400
• Trend Micro ScanMail for Lotus Domino on S/390
• Trend Micro ScanMail for Lotus Domino on Solaris
• Trend Micro ScanMail for Lotus Domino on Windows
• Trend Micro ScanMail for Microsoft Exchange 3.8.0
• Trend Micro ScanMail for Microsoft Exchange 3.81.0
• Trend Micro ScanMail for Microsoft Exchange 6.1.0
• Trend Micro ServerProtect 5.3.1
• Trend Micro ServerProtect for Linux 1.2.0
• Trend Micro ServerProtect for Novell Netware
• Trend Micro ServerProtect for Windows

References:

• Internet Security Systems: Trend Micro AntiVirus Library Heap Overflow
• Trend Micro: Scan Engine Updates
• Trend Micro: Vulnerability in VSAPI ARJ parsing could allow Remote Code execution

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.