An Antivirus Solution = One More Vulnerable Computer

It's well known the fact that you must have an antivirus solution in order to protect your computer from viruses, malware files or other threats that might harm your system. But what if those security products that must be installed on your computer are also vulnerable and the hackers can use them to infiltrate into the system? Well, it seems like it's not so safe to use an antivirus product. The recently discovered vulnerability in Trend Micro OfficeScan proves it because the attackers might obtain user privileges on an affected computer. In a security notification published today, iDefense Labs informs that the business solution does not require authentication and can be easily exploited.

"Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User," it is mentioned in the notification.

"The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur."

Piece of cake, you'll say, an IIS user has limited access so it can't be too dangerous if an attacker manages to break into an affected system. But what if other software solutions installed on your computer are vulnerable as well and can be used to obtain higher privileges? Now, that's a problem...

The parent company Trend Micro already created several patches to fix the vulnerabilities currently confirmed in OfficeScan 7.3 with all the updates installed. If you want to download these fixes, you can find them on the official page of Trend Micro available here.