'Critical' Trend Micro Flaw Could Cause Crashes
Most users should be fine, according to Mike Sweeny, a spokesman for Trend Micro, an antivirus and security software company with global headquarters in Tokyo. A fix for the flaw was included in automatic updates and the software is set to call in for an update at least once a day. Sweeny says users cannot set the updates for any longer period of time than once a day.
"We released it earlier this week so they're already protected," says Sweeny, who adds that they have not seen any exploit code in the wild that exploits the flaw.
The vulnerability is in Trend Micro's Scan Engine, which is a piece of software that's used in many of the company's products, like Trend Micro Internet Security and Trend Micro Office Scan. A corrupted UPX file can cause a buffer overflow and cause the system to crash, according to information on the company's Web site.
The site also says the flaw could enable an attacker to remotely control the system. When questioned, Sweeny said that's not the case.
Sweeny says competing antivirus software firm VeriSign's iDefense team first reported the flaw.