Two major security software vendors have released patches for flaws in their own offerings.
F-Secure and Trend Micro have posted updates to address vulnerabilities which could leave customers vulnerable to attack.
Trend Micro issued a fix for its OfficeScan product in which an attacker could use a malformed HTTP request to cause a buffer overflow in the software's server CGI model.
A successful exploit could allow an attacker to remotely execute code on the targeted system.
F-Secure, meanwhile, has released an update which corrects an issue in its Internet Security, Anti-Virus, Linux and Protection Service product families as well as several F-Secure server and gateway offerings.
The issue stems from an error which occurs when the software is not set to scan compressed files.
An attacker could use a specially-crafted compressed file to trigger a buffer overflow error and gain complete control at the system level of a targeted machine and execute arbitrary code.
The US Computer Emergency Response Team is advising users and administrators of all of the affected security products to install the patches as soon as possible.
Major security firms caught napping
By
Shaun Nichols
on Oct 27, 2008 9:55AM
F-Secure and Trend Micro forced to patch flaws in their own software.
