Trend InterScan VirusWall Remote Buffer Overflow Vulnerability
Components of Trend Micro's InterScan VirusWall have been found to contain remotely exploitable buffer overflows.
Two components of VirusWall support the application's remote administrative functions. These accept various parameters submitted in URLs.
By appending long strings to the submitted URLs, an attacker can create a buffer overflow condition.
As a result of this overflow, excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address.
Since this data is supplied by the user it can be made to alter the program's flow of execution.
Properly executed, such an attack can allow an attacker to gain SYSTEM privilege and execute arbitrary hostile code.