Trend Micro Products UUE File Parsing Buffer Overflow - Advisories - Secunia
ウイルスバスター2008のPccScan.dllにUUEファイルを処理する上でバッファーオーバフローの脆弱性が存在するそうです。UUDECODEのことかな。
Sowhat has reported a vulnerability in some Trend Micro products, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within PccScan.dll when decoding UUE files and can be exploited to cause a buffer overflow via a specially crafted UUE file.
NOTE: The vendor's advisory states that the vulnerability is caused due to a format-string error when handling certain fields of a UUE file during decoding. It is not clear if this is a separate vulnerability.
The vulnerability affects English versions of the following products:
- Trend Micro Internet Security Pro
- Trend Micro Internet Security/Virus Buster 2008
- Trend Micro Antivirus plus AntiSpyware 2008