14 DAY TRIAL // Trend Micro has always been that kind of company which struggled to create something revolutionary able to compete with the security giants. However, the security firm didn't manage to become one of the leaders but even so, numerous consumers from every corner of the world were still attracted by Trend Micro's solutions. This article is especially addressed to them because security company Secunia reported a moderately critical vulnerability that can allow an attacker to obtain high privileges on an affected system. According to the report, the security flaw was confirmed in Trend Micro PC-cillin Internet Security 2007 15.0, 1.5.2, 15.3 and Trend Micro AntiSpyware 3.5.
"The vulnerability is caused due to a boundary error within the SSAPI module in vstlib32.dll when processing path names. This can be exploited to cause a stack-based buffer overflow by e.g. creating a file with an overly long path name. Successful exploitation allows execution of arbitrary code with SYSTEM privileges, but requires that the Venus Spy Trap (VST) functionality of SSAPI is enabled," Secunia wrote in the advisory.
The interesting fact about this security hole is that you can patch it using a temporary fix because the parent company Trend Micro said that a full patch to resolve the vulnerability will be officially rolled out on September 10, 2007.
As you can see, most of the antivirus solutions available on the market are affected by more or less critical vulnerabilities. So, where's our security? Well, it is rumored that it still exists as long as the consumers are a little bit paranoiac to ignore all the unsolicited messages coming into their inbox, to avoid chatting with unknown contacts on the instant messaging files and to refuse downloading unrequested files. However, let's hope that the top security solutions currently available will manage to become more powerful and protect our computers from any kind of threat.