A critical bug in a library common across its product line has left Trend Micro issuing advisories and updates for many of its anti-virus products. If the vulnerability is left unpatched, remote attackers could gain the ability to run arbitrary code on affected systems, including network gateways.
According to Trend Micro’s advisory, the vulnerability exists in 29 of its products running on platforms including Linux, Windows, Solaris, AIX, HP-UX, and several others. The company has provided an update that should address the problem across its product line, including desktop systems, servers, and gateways.
The vulnerability was first reported by Internet Security Systems (ISS). The firm said that by crafting an ARJ file in a specific manner, remote attackers could trigger a heap overflow. This is the second time in the past month that ARJ archives have been responsible for vulnerabilities in anti-virus software: F-Secure software was recently found to be vulnerable to a similar flaw.
This is also the third time in several weeks that a security vendor has been confronted with a critical vulnerability across its product line. Symantec reported 30 affected products in a similarly widespread, library-related vulnerability.