McAfee, Trend Micro fix flaws in their antivirus software

One of them could have led to the dreaded 'blue screen of death'

Both McAfee Inc. and Trend Micro Inc. yesterday confirmed vulnerabilities in their security software that could let hackers hijack systems or bring them down with the dreaded "blue screen of death."

The McAfee flaw resides in its ePolicy Orchestrator security suite and ProtectionPilot security manager. The bug was patched yesterday.

According to rival Symantec Corp., the vulnerability is a buffer-overflow bug in the SiteManager.dll ActiveX control that ships with ePolicy Orchestrator (ePO). "A successful exploit of these security flaws would allow an attacker to remotely execute arbitrary code on the machine," McAfee said in its own warning, posted yesterday. "One way [an attack could take place] is by rendering a malicious web page through Microsoft's Internet Explorer."

As is the habit of many vendors, McAfee downplayed the threat by noting that user interaction, such as surfing to a malicious site, was required. Copenhagen-based vulnerability tracker Secunia APS, however, rated the bug as "highly critical," its second-from-the-top ranking.

McAfee said its ePO 3.5.0, 3.6.0 and 3.6.1 are vulnerable to attack, as are ProtectionPilot 1.1.1 and 1.5.0.

Patches have been posted to the McAfee enterprise support service portal.

Trend Micro's virus scanning engine, meanwhile, is also buggy, VeriSign's iDefense unit said today. The Reston, Va.-based security intelligence company warned that Trend Micro's AntiVirus engine -- used in products such as PC-cillin and Internet Security Suite -- contains a vulnerability that, if exploited, brings on the Windows "blue screen of death," in which the operating system is rendered unusable.

The divide-by-zero error can be used to crash not only the security software, but also the operating system, said iDefense in an alert. Gateways are especially vulnerable, since they're set up to automatically scan incoming files.

"If a mail gateway is being targeted, this vulnerability can be exploited automatically by sending a malicious attachment through a gateway that uses Trend Micro to scan content," warned iDefense. If an attacker sends a malformed .upx file -- the extension is an image format associated with Ulead System Inc.'s Photo Express application -- it would blue-screen the gateway without user interaction.

Like McAfee, Trend Micro has patched the flaw. The company released a fix in Monday's signature update; systems set to retrieve updates automatically will already have downloaded and installed it.

Faulty antivirus software has been much in the news of late. Earlier this week, Microsoft patched its Windows Live OneCare security suite after users lost e-mail when the product's scanner incorrectly quarantined Outlook and Outlook Express data files.

Copyright © 2007 IDG Communications, Inc.
