Trend Micro Warns of Scan Engine Vulnerability

Anti-virus (AV) specialist Trend Micro Inc. last week warned of a flaw in its AV scanning engine that could result in denial-of-service (DoS) or system takeover.

The flaw affects a variety of products, including Trend Micro's InterScan Messaging Security Suite, InterScan VirusWall, InterScan Web Security Suite, OfficeScan and ServerProtect offerings. Trend Micro's consumer offerings -- such as Trend Micro Antivirus and PC-cillin -- are also affected, officials said.

The vulnerability stems from a corrupted UPX file in Trend Micro's scan engine. An attacker who successfully exploits it can cause a buffer overflow and trigger a Windows Blue Screen of Death (BSOD) or -- more dangerous still -- potentially execute arbitrary code on the compromised system. In the latter scenario, officials concede, an attacker could take control of the system.

The vulnerability was first reported by iDefense Vulnerability Labs, a security researcher based in Sterling, Virginia.

According to iDefense researchers, the flaw can be exploited by means of common protocols, such as SMTP, HTTP or FTP; nor must an attacker successfully authenticate to be able to exploit the vulnerability, iDefense says.

The worst-case scenario -- remote execution of arbitrary code -- stems from the fact that (in Windows environments) the Trend Micro scan engine runs in the kernel context. Under Linux, the engine runes as a daemon with superuser privileges, iDefense researchers say. The upshot, in any case, is severe: an attacker can take complete control of a compromised system, assuming she's first able to successfully execute her malicious payload.

Trend Micro advises customers to update their virus pattern files to 4.245.00. It also plans to incorporate a fix into its upcoming Scan Engine version 8.5 release. In addition, Trend Micro officials say, the AV specialist also distributes a fix for the flaw via its automatic update feature.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft Bringing Teams to Linux in Preview

    A limited preview of the Microsoft Teams app is now available for select Linux desktop operating systems, making it "the first Microsoft 365 app" to run on Linux.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Classic SharePoint Blogs Approaching 'Retirement'

    A recent Microsoft Message Center post indicates that "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement."

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.