Hi folks,

I found a vulnerability in the e-mail virus scanning feature of
Virus Buster 2001 from Trend Micro Inc.

Virus Buster 2001 is a Japanese software package with functions similar
to those of PC-cillin 2000, such as eMail Virus Scanning and Browser
Scanning.

The e-mail virus scanning feature of this software, called "eMail
Virus Scanning" in PC-cillin, is meant to keep the user from receiving
e-mail that contains a virus: it scans every e-mail whenever the MUA
(Mail User Agent) retrieves mail over the POP3 protocol.
The function also runs as a proxy between the MUA and the MRA (Mail
Retrieval Agent).

Problem Description
-------------------
A buffer overflow occurs when the MUA receives an e-mail whose MIME
boundary (as defined in RFC 1341) contains an unusually long string.
As a result, the user of this software can no longer receive any
e-mail. An attacker could use this vulnerability to execute
arbitrary commands.
A restart of the computer is required to restore normal
functionality.

Example of Issue
-----------------
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 30 Jan 2001 15:06:57 +0900
Subject: TEST
Mime-Version: 1.0
Content-Type: MultiPart/Mixed;Boundary="aaa(about 300 characters)aaa"

--aaa(about 300 characters)aaa
Content-Type: text/plain; charset=iso-2022-jp

body
--aaa(about 300 characters)aaa
Content-Type: application/octet-stream; name="aaa.exe"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="aaa.exe"

--aaa(about 300 characters)aaa
I've seen at all.
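
Added example (not part of the original advisory and not Trend Micro's code): RFC 1341 limits a boundary to 70 characters, so a scanning proxy can measure the boundary parameter and reject an oversize one before copying it into a fixed buffer. The function names, return codes and the simplified parameter search are assumptions made for illustration.

```c
/* Added example: bounded extraction of the MIME boundary parameter. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MIME_BOUNDARY_MAX 70   /* RFC 1341, 7.2.1: at most 70 characters */

enum { BOUNDARY_OK = 0, BOUNDARY_MISSING = -1, BOUNDARY_TOO_LONG = -2 };

/* Case-insensitive search for "boundary=" (simplified: no parameter tokenizer). */
static const char *find_param(const char *s)
{
    static const char key[] = "boundary=";
    for (; *s; s++) {
        size_t i = 0;
        while (key[i] && tolower((unsigned char)s[i]) == key[i])
            i++;
        if (!key[i])
            return s + i;              /* points just past '=' */
    }
    return NULL;
}

/* Copies the boundary into out only if it fits both the RFC limit and the
 * caller's buffer; the length is measured before any byte is copied. */
int extract_boundary(const char *content_type, char *out, size_t outsz)
{
    const char *p = find_param(content_type);
    size_t len;

    if (p == NULL)
        return BOUNDARY_MISSING;
    if (*p == '"') {                   /* quoted form */
        const char *end = strchr(++p, '"');
        if (end == NULL)
            return BOUNDARY_MISSING;   /* unterminated quote */
        len = (size_t)(end - p);
    } else {                           /* token form ends at ';' or whitespace */
        len = strcspn(p, "; \t\r\n");
    }
    if (len == 0)
        return BOUNDARY_MISSING;
    if (len > MIME_BOUNDARY_MAX || len >= outsz)
        return BOUNDARY_TOO_LONG;      /* reject; never truncate or overflow */
    memcpy(out, p, len);
    out[len] = '\0';
    return BOUNDARY_OK;
}
```

Rejecting instead of truncating matters here because a truncated boundary would no longer match the delimiter lines in the message body.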
Tested Version of Virus Buster
------------------------------
Virus Buster 2001 (Japanese)
Program Version 8.01
Tested on
---------
Windows 2000 Professional(Japanese)
Status of fixes
----------------
Thanks to a prompt response by Trend Micro, version 8.02, which fixes
this problem, was published on February 7th.
You can update to Program Version 8.02 by using Intelligent Update,
the automatic software update feature.
If you have not updated your software since February 7th, you must
upgrade to version 8.02 with Intelligent Update immediately.
Required conditions for updating are:
1) using the product version as a registered user.
2) updating the software with Intelligent Update.
   (A license key is necessary to do this.)
Also, the Service Pack to fix this issue is available from:
http://www.trendmicro.co.jp/homeuser/download/vb2001sp2.htm
(Japanese only; the program will be updated to 8.02.)
Vendor Information
-------------------
Trend Micro Inc.: http://www.trendmicro.com/
Trend Micro Inc.(Japan): http://www.trendmicro.co.jp/
--
Sayo Ichinose<[EMAIL PROTECTED]>
Computer Security Laboratory
LAC Co.,Ltd.
PHONE +81-3-5531-0358 FAX +81-3-5531-0142
http://www.lac.co.jp/
--