Anti virus vendor Trend Micro is warning users against a potentially serious vulnerability that exists in more than 30 of its security applications.
If the vulnerability is exploited, the company said that an attacker could remotely install and execute code or cause a system crash resulting in the infamous Windows "blue screen of death."
The problem exists in the Trend Micro Scan Engine, a core component of the company's anti-virus applications. When the Scan Engine encounters a certain type of malformed .exe file, it triggers a denial of service (DoS) crash. The DoS can then either be used to remotely install and execute malware code.
Because the vulnerability allows attackers to remotely install and execute code on vulnerable systems, security company Secunia rated the vulnerability "highly critical," its second-highest severity rating.
Trend Micro has issued a fix for the vulnerability which users can get by updating to the latest virus pattern update. The company said that it will patch the flaw in its upcoming Scan Engine 8.5 update.
Security flaw hits Trend Micro antivirus
By Shaun Nichols, vnunet on Feb 9, 2007 1:36PM