Trend Micro Anti-Spyware And PC-cillin SSAPI Engine Local Stack Buffer Overflow Vulnerability

Trend Micro Anti-Spyware And PC-cillin SSAPI Engine Local Stack Buffer Overflow Vulnerability

Trend Micro Anti-Spyware and PC-cillin Internet Security are prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue affects a library in Trend Micro's SSAPI Engine.

Successful exploits may allow an attacker to execute arbitrary code with SYSTEM-level privileges. This may facilitate a complete compromise of vulnerable servers. Failed exploit attempts will likely result in denial-of-service conditions.

Trend Micro Anti-Spyware for Consumer 3.5 and PC-cillin Internet Security 2007 are vulnerable.