Lucene search
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.TRENDMICRO_ARJ_OVERFLOW.NASLHistoryFeb 24, 2005 - 12:00 a.m.
Trend Micro VSAPI ARJ Handling Heap Overflow
2005-02-2400:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
11
The remote host is running a version of the Trend Micro engine that has a heap overflow vulnerability in the ARJ handling functions.
An attacker may exploit this flaw to bypass virus protection altogether and execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to submit a malformed ARJ archive to a process on the remote host and wait for the antivirus engine to scan it.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(17213);
script_version("1.15");
script_cvs_date("Date: 2018/08/01 17:36:15");
script_cve_id("CVE-2005-0533");
script_bugtraq_id(12643);
script_name(english:"Trend Micro VSAPI ARJ Handling Heap Overflow");
script_summary(english:"Checks the version of the remote Trend Micro engine");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running an application that is affected by a buffer
overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of the Trend Micro engine that has
a heap overflow vulnerability in the ARJ handling functions.
An attacker may exploit this flaw to bypass virus protection altogether
and execute arbitrary code on the remote host. To exploit this flaw, an
attacker would need to submit a malformed ARJ archive to a process on
the remote host and wait for the antivirus engine to scan it.");
# http://about-threats.trendmicro.com/us/search.aspx?p=VULNERABILITY%20IN%20VSAPI%20ARJ%20PARSING%20COULD%20ALLOW%20REMOTE%20CODE%20EXECUTION
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e2d903ac");
script_set_attribute(attribute:"solution", value:"Upgrade to the Trend Micro engine version 7.510 or newer.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/24");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/24");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Windows");
script_dependencies("trendmicro_installed.nasl");
script_require_keys("Antivirus/TrendMicro/trendmicro_engine_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("Antivirus/TrendMicro/trendmicro_engine_version");
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i < max_index(ver); i++)
ver[i] = int(ver[i]);
if (
ver[0] < 7 ||
(ver[0] == 7 && ver[1] < 510)
)
{
if (report_verbosity > 0)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
report = '\n Current engine version : ' + engine +
'\n Fixed engine version : 7.510' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}
else exit(0, "The remote host has engine version "+engine+" and thus is not affected.");
Related
cve
cve
CVE-2005-0533
2005-05-02 04:00:00
CVE-2007-0602
2007-01-30 18:28:00
checkpoint_advisories
checkpoint_advisories
Trend Micro Products AntiVirus Library Buffer Overflow (CVE-2005-0533)
2010-03-09 00:00:00
prion
prion
Buffer overflow
2007-01-30 18:28:00
Related for TRENDMICRO_ARJ_OVERFLOW.NASL