Trend Micro has become aware of a vulnerability in its Scan Engine, wherein a corrupted UPX file can cause a buffer overflow and lead to either of the following:
• Blue screen of death (BSOD)
• Execution of arbitrary code that allows an attacker to take control of the system
It affects all Trend Micro products and versions using the Scan Engine and Pattern File technology. A complete list of products is found in:
To address the vulnerability, update to virus pattern file 4.245.00 or higher. This provides the following fixes:
• Update of the UPX Parsing algorithm
• Generic detection for malformed UPX files
Enhancements will also be applied on the Scan Engine and the fix will be included in the upcoming release of version 8.5.
If you encounter issues downloading the pattern file from the ActiveUpdate server, refer to the following manual update solutions:
Client / Server / Messaging Security for SMB
Client / Server Security for SMB
InterScan VirusWall for SMB (version 5.0)
If you suspect that you may have been affected by this vulnerability, contact your Technical Account Manager or Trend Micro Technical Support Services in your region.
This vulnerability was reported to Trend Micro by the iDefense Vulnerability Labs.