• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability

The Trend Micro VSAPI scan engine library is prone to a heap-based buffer overflow vulnerability. This vulnerability may be triggered when the library processes a malformed ARJ archive.

The vulnerability affects multiple Trend Micro products. It is also noted that multiple attack vectors exist, as affected software may scan ARJ files in email attachments, and through various file transfer protocols.