JVNDB-2007-000199

[Japanese]
JVNDB-2007-000199
CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
Overview
CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro's anti-virus product. For details of this vulnerability, please refer to the information provided by TrendMicro. This vulnerability is different from "JVN#77366274: CCC Cleaner buffer overflow vulnerability."
CVSS Severity (What is CVSS?)
Base Metrics: 7.8 (High) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

Affected Products

Cyber Clean Center CCC Cleaner (CCC pattern Ver:321 and earlier) Trend Micro, Inc. Trend Micro Scan Engine 8.000 (English) Trend Micro Scan Engine 8.300 (English) Virus Search Engine VS API 8.0 later (Japanese)

Impact
When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash.
Solution

Vendor Information
Cyber Clean Center Cyber Clean Center : TopPage (Japanese) Cyber Clean Center : Download (Japanese) JPCERT/CC : JPCERT�\|PR�\|2007�\|0003 (Japanese) Trend Micro, Inc. TrendMicro Solution : Solution ID: 1034587 TrendMicro Support : 929 (Japanese) TrendMicro Support : Solution ID: 2061483 (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2007-1591
References
JVN : JVN#80126589 National Vulnerability Database (NVD) : CVE-2007-1591 Secunia Advisory : SA24450 SecurityFocus : 22965 FrSIRT Advisories : FrSIRT/ADV-2007-0959
Revision History
[2008/05/21] Web page published


Date Public	2007/03/12
Date First Published	2008/05/21
Date Last Updated	2008/05/21

CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables