Virus Buster 2001 Buffer Overflow

by evilnop on February 9th, 2001

Sayo Ichinose wrote this in his post to bugtraq:

Hi folks,
I found a vulnerability in the feature of virus scan for e-mail in Virus Buster 2001 from Trend Micro Inc.
Virus Buster 2001 is a Japanese software package that has functions similar to those of PC-cillin 2000, such as eMail Virus Scanning and Browser Scanning.


The feature of virus scan for e-mail in this software, called "eMail
Virus Scanning" on PC-cillin, is used to avoid receiving e-mail that includes
a virus, by scanning every e-mail whenever the MUA (Mail User Agent) imports
e-mail by using the POP3 protocol.

The function runs as a proxy between the MUA and the MRA (Mail Retrieval
Agent) as well.



Problem Description
-------------------

The buffer overflow occurs when the MUA receives e-mail whose MIME Boundary,
defined in RFC 1341, includes unusually long strings.
As a result, the user of this software is not able to receive any
more e-mail(s). An attacker could use this vulnerability to execute
arbitrary commands.
A restart of the computer is required in order to gain normal
functionality.



Example of Issue
-----------------


From: [email protected]
To: [email protected]
Date: Tue, 30 Jan 2001 15:06:57 +0900
Subject: TEST
Mime-Version: 1.0
Content-Type: MultiPart/Mixed;Boundary="aaa(about 300 characters)aaa"

--aaa(about 300 characters)aaa
Content-Type: text/plain; charset=iso-2022-jp
body

--aaa(about 300 characters)aaa
Content-Type: application/octet-stream;
name="aaa.exe"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="aaa.exe"

--aaa(about 300 characters)aaa



I've seen at all.
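
A defensive counterpart to the issue described in the post, as an added example that is not part of the original post and not Trend Micro's code: a C helper that extracts the boundary parameter from a Content-Type value and rejects anything over the 70-character limit RFC 1341 sets, instead of copying it into a fixed buffer unchecked. The names `extract_boundary`, `has_prefix_ci` and the return codes are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MIME_BOUNDARY_MAX 70   /* RFC 1341 limit, not counting the leading "--" */
enum { BOUNDARY_OK = 0, BOUNDARY_MISSING = -1, BOUNDARY_TOO_LONG = -2 };

/* Case-insensitive prefix match; prefix must be lowercase. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != *prefix)
            return 0;
    return 1;
}

/* Hypothetical helper: copy the boundary parameter of a Content-Type value
 * into out (capacity outsz), refusing oversize values rather than truncating. */
int extract_boundary(const char *ctype, char *out, size_t outsz)
{
    const char *p = ctype;
    size_t len;

    /* Find "boundary=" at the start of a parameter, in any letter case. */
    for (; *p; p++)
        if (has_prefix_ci(p, "boundary=") &&
            (p == ctype || p[-1] == ';' || p[-1] == ' ' || p[-1] == '\t'))
            break;
    if (*p == '\0')
        return BOUNDARY_MISSING;
    p += 9;                               /* skip "boundary=" */

    if (*p == '"') {                      /* quoted form */
        const char *end = strchr(++p, '"');
        if (end == NULL)
            return BOUNDARY_MISSING;      /* unterminated quote */
        len = (size_t)(end - p);
    } else {                              /* bare token form */
        len = strcspn(p, "; \t\r\n");
    }
    if (len == 0)
        return BOUNDARY_MISSING;
    /* Measure before copying: the length comes from the sender. */
    if (len > MIME_BOUNDARY_MAX || len >= outsz)
        return BOUNDARY_TOO_LONG;
    memcpy(out, p, len);
    out[len] = '\0';
    return BOUNDARY_OK;
}
```

A scanning proxy that gets `BOUNDARY_TOO_LONG` can quarantine or reject the message without ever handing the oversize value to its MIME parser.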

