Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21713
HistoryApr 21, 2009 - 12:00 a.m.

Trend Micro OfficeScan Client - DOS

2009-04-2100:00:00
vulners.com
8

Application: Trend Micro OfficeScan Client for Windows 8.0 sp1

OS: Windows XP


1 - Description

2 - Vulnerability

3 - POC/EXPLOIT


Description

OfficeScan is a good antivirus that used in many companys.

The problem with this bug is that a bad user can install any virus and the av is crash can not
notifies to the admin of av ,also other user can install
irregulars programs, for example a legal program with a crack and if there are a audit the company
have a risk that detect ilegal software.


Vulnerability

The problem is when the officescan try scan a folders with a long name, this caused that
aplication crash. The result varies
depending on the number of chars that you use in the poc.


POC/EXPLOIT

The poc is a simple code in visual basic that creates many folders with a longs names and after
this, the aplication, scans the folder and the av crash.

download here : http://es.geocities.com/jplopezy/officescan.zip


Juan Pablo Lopez Yacubian