[Japanese]
|
JVNDB-2007-000135
|
CCC Cleaner buffer overflow vulnerability
|
CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables.
This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro's website.
CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder.
Filenames: lpt$vpn.185
As of February 13, 2006, Trend Micro has announced that the vulnerability "the Anti-Rootkit Common Module (TmComm.sys)" disclosed on February 11, 2006 does not affect CCC Cleaner. For more information, refer to the vendor's website.
|
CVSS V2 Severity: Base Metrics 5.4 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
|
|
Cyber Clean Center
- CCC Cleaner (CCC pattern Ver:185)
Trend Micro, Inc.
- Client / Server / Messaging Security for SMB 3.5
- Damage Cleanup Services 3.2
- Trend Micro Anti-Spyware for Consumer Consumer 3.5
- Trend Micro Anti-Spyware for Enterprise 3.0 SP2
- Trend Micro Anti-Spyware for SMB 3.2 SP1
- Trend Micro Antivirus 2007
- Trend Micro PC Cillin Internet Security 2007
- Virus Baster 2007
- Worry-Free Business Security 3.5
- Rootkit Provision Module (TmComm.sys)
|
|
Arbitrary code could be executed when CCC Cleaner scans UPX-packed files.
|
|
Cyber Clean Center
Trend Micro, Inc.
|
|
- CVE-2007-0856
|
- JVN : JVN#77366274
- National Vulnerability Database (NVD) : CVE-2007-0856
- US-CERT Vulnerability Note : VU#282240
- US-CERT Vulnerability Note : VU#666800
- Secunia Advisory : SA24069
- SecurityFocus : 22448
- ISS X-Force Database : 32353
- SecurityTracker : 1017604
- SecurityTracker : 1017605
- SecurityTracker : 1017606
- FrSIRT Advisories : FrSIRT/ADV-2007-0521
|
- [2008/05/21]
Web page published
|