Windows Vista-Compatible Antivirus Puts Users at Risk

Here's another Windows Vista-compatible antivirus that must be patched as soon as possible to avoid successful exploitations of a recently reported vulnerability. Trend Micro AntiVirus plus AntiSpyware 2008, Trend Micro Internet Security 2008 and Trend Micro Internet Security Pro 2008 are all affected by the uue decoding format string vulnerability, rated by security company Secunia as moderately critical. Trend Micro wrote that the glitch affected only Windows Vista and Windows XP SP2.

"While parsing the .uue file TrendMicro Antivirus plus AntiSpyware 2008 does not properly check the value of certain field thus resulting into a remote memory corruption. When certain fields of the .uue file contains a format string the 'Trend Micro Central Control Component' Service will crash", Trend Micro wrote in the security notification published today.

"This vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older."

Trend Micro is one of the companies that tried to improve the security of the latest Microsoft operating system flavor, Windows Vista. Although Vista has always been regarded as the most secure Windows ever, the security companies from all over the world quickly designed compatible technologies supposed to keep the users on the safe side and block malicious attempts targeting their computers.

In addition, Trend Micro also got involved into the mobile security, as its technologies can now protect several handheld devices, including Sony Ericsson smartphones.

"Trend Micro strives to be one step ahead of the bad guys. Smartphone usage and convenience are expanding quickly. Even though the mobile threats we've encountered so far have been containable, our goal is to 'future-proof' our customers with the best security solutions we can deliver", said Todd Thiemann, marketing director for Trend Micro's incubation group.

In order to patch your vulnerable (please check the red paragraph above) solution provided by Trend Micro, you must install a fix released by the security company available here (notice that this is the direct link to the original advisory provided by Trend Micro!).