A critical flaw has been discovered in Trend Micro’s AntiVirus Library, used by all the company’s desktop, server and gateway security products.
The Library is also used by ISPs and email services such as Hotmail, and in third-party security products which use licensed versions of the software, greatly widening the scope of the new alert. The full list of Trend Micro products affected by the flaw runs to a total of 30 products.
According to the company advisory, the problem lies with the way the Library handles files compressed using the ARJ standard. "Thus, it is possible to create a specially-crafted ARJ archive file that overwrites data after the allocated 512-byte buffer. This specially-crafted file could possibly execute an arbitrary code," continues the warning, a technically accurate but opaque way of saying that a virus code could in certain circumstances be hidden inside an archive file and not be detected.
The flaw was discovered by security company ISS, which two weeks ago reported a very similar hole in the anti-virus library used by a large number of Symantec security products. That too related to the possibility of exploiting a heap overflow in compressed files, which suggests that ISS researchers are systematically looking into such vulnerabilities.
ISS has had its own security issues in the last year, being on the receiving end last March of the "Witty" worm that specifically targeted its Black Ice intrusion prevention system.
Full details of the current vulnerability can be found by visiting the Trend Micro website