Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6386

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-6386
Last Modified 07 Mar 2011 10:02:36
Published 14 Dec 2007 09:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6386

Summary

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

Vulnerable Systems

Application

  • Trend Micro Antivirus Plus Antispyware 2008

  • Trend Micro Internet Security Virus Bust 2008

  • Trend Micro Internet Security Pro


References

SECUNIA - 28038

CONFIRM - http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464

XF - trendmicro-pccscan-zip-bo(38982)

VUPEN - ADV-2007-4191

MISC - http://secway.org/advisory/AD20071211.txt

OSVDB - 39770

OSVDB - 39769

SECTRACK - 1019079


Last Updated: 27 May 2016 10:46:28