>
> TITLE:
> Trend Micro Products SSAPI Module Long Path Processing Buffer
> Overflow
>
> SECUNIA ADVISORY ID:
> SA26557
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26557/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Privilege escalation, System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> Trend Micro PC-cillin Internet Security 2007
> http://secunia.com/product/13436/
> Trend Micro Anti-Spyware 3.x
> http://secunia.com/product/13439/
>
> DESCRIPTION:
> A vulnerability has been reported in Trend Micro products, which can
> be exploited by malicious, local users to gain escalated privileges
> or potentially by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error within the SSAPI
> module in vstlib32.dll when processing path names. This can be
> exploited to cause a stack-based buffer overflow by e.g. creating a
> file with an overly long path name.
>
> Successful exploitation allows execution of arbitrary code with
> SYSTEM privileges, but requires that the Venus Spy Trap (VST)
> functionality of SSAPI is enabled.
>
> The vulnerability affects the following products:
> * Trend Micro PC-cillin Internet Security 2007 15.0 - SSAPI version
> 5.0.0.1066
> * Trend Micro PC-cillin Internet Security 2007 15.2 ? SSAPI
> v5.0.0.1074
> * Trend Micro PC-cillin Internet Security 2007 15.3 ? SSAPI
> v5.2.0.1004
> * Trend Micro PC-cillin Internet Security 2007 15.2 Patch ? SSAPI
> v5.2.0.1012
> * Trend Micro AntiSpyware 3.5 - SSAPI v5.0.0.1066
>
> SOLUTION:
> Apply temporary hotfix until official patches are released, which
> will reportedly be available via the Trend Micro ActiveUpdate servers
> on September 10, 2007.
>
> Trend Micro PC-cillin Internet Security 2007:
> ftp://conftpuser:consumer-trend@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> /consumer/Tools/Hotfix/pcc_2007_1530_win_en_ssapi_5_2_1028.exe
>
> Trend Micro Anti-Spyware for Consumer 3.5:
> * 32-bit OS
> ftp://conftpuser:consumer-trend@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> /consumer/Tools/Hotfix/ssapi_52_win_en_hfb1028_32bit.exe
>
> * 64-bit OS
> ftp://conftpuser:consumer-trend@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> /consumer/Tools/Hotfix/ssapi_52_win_en_hfb1028_64bit.exe
>
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by Ismael Briones and reported via iDefense Labs.
>
> ORIGINAL ADVISORY:
> Trend Micro:
> http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035845
>
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=586
>