Home page logo

bugtraq logo Bugtraq mailing list archives

Security hole in Virus Buster 2001
From: Ichinose Sayo <ichinose () LAC CO JP>
Date: Tue, 30 Jan 2001 19:37:36 +0900

Hi folks,

I found a security hole in the feature of virus scan for e-mail in
Virus Buster 2001 from Trend Micro Inc.

Virus Buster 2001 is a japanese software package that has similar
functions of PC-cillin 2000 such as eMail Virus Scanning and Browser

The feature of virus scan for e-mail in this software, called "eMail
Virus Scanning" on PC-cillin, is used not to receive e-mail including
virus by scanning every e-mail whenever MUA (Mail User Agent) imports
e-mail by using POP3 protocol.

The function is running as a proxy between MUA and MRA (Mail Retrieval
Agent) as well.

Problem Description

The buffer overflow occurs when MUA received email with the header
defined in RFC 822 including unusually long strings.
As a result, the user of this software is not able to receive any
e-mail(s) more.
A restart of the computer is required in order to gain normal

Example of Issue:
From: ichinose () lac co jp
To: aaaaaaaaaaaaaaaaaaaaa(about 16,000 charactors)aaaaaaaaa
Date: Fri, 26 Jan 2001 16:07:23 +0900
Subject: TEST
I've seen at all.

Tested Version of Virus Buster
Virus Buster 2001 (Japanese)
Program Version 8.00

Tested on
Windows 2000 Professional(Japanese)

Status of fixes

This problem does not affect Program Version 8.01.
You can update to Program Version 8.01 by using the feature of
automatically updating software called intelligent update.
If you use a trial version of Virus Buster 2001 installed from supplement
to a magazine or CD-ROM, it strongly recommended to confirm the Program
Version and you should purchase the license and update it if it is
vulnerably version.
Also, if you have not done user registration and used original one, you
must be registered as a customer and update your software with
intelligent update(feature to update software automatically).

Required conditions for updating are:
1) using product version as registered user.
2) Updating the software with intelligent update.
   (License key is necessary to do this.)

Vendor Information

Trend Micro Inc.: http://www.trendmicro.com/
Trend Micro Inc.(Japan): http://www.trendmicro.co.jp/

Sayo Ichinose<ichinose () lac co jp>
Computer Security Laboratory
LAC Co.,Ltd.
PHONE  +81-3-5531-0358  FAX  +81-3-5531-0142

  By Date           By Thread  

Current thread:
  • Security hole in Virus Buster 2001 Ichinose Sayo (Jan 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]