Users login

Create an account »


Users login

Home » Hacking News » Virus Buster 2001 Buffer Overflow

Virus Buster 2001 Buffer Overflow

by evilnop on February 9th, 2001 Sayo Ichinose in his post to bugtraq has wrote this:

Hi folks,
I found a vulnerability in the feature of virus scan for e-mail in Virus Buster 2001 from Trend Micro Inc.
Virus Buster 2001 is a Japanese software package that has similar functions of PC-cillin 2000 such as eMail Virus Scanning and Browser Scanning.

The feature of virus scan for e-mail in this software, called "eMail
Virus Scanning" on PC-cillin, is used not to receive e-mail including
virus by scanning every e-mail whenever MUA (Mail User Agent) imports
e-mail by using POP3 protocol.

The function is running as a proxy between MUA and MRA (Mail Retrieval
Agent) as well.

Problem Description


The buffer overflow occurs when MUA received email with the MIME Boundary
defined in RFC 1341 including unusually long strings.
As a result, the user of this software is not able to receive any
e-mail(s) more. An attacker could use this vulnerability to execute
arbitrary commands.
A restart of the computer is required in order to gain normal

Example of Issue


From: [email protected]

To: [email protected]

Date: Tue, 30 Jan 2001 15:06:57 +0900

Subject: TEST

Mime-Version: 1.0

Content-Type: MultiPart/Mixed;Boundary="aaa(about 300 characters)aaa"

--aaa(about 300 characters)aaa

Content-Type: text/plain; charset=iso-2022-jp

--aaa(about 300 characters)aaa

Content-Type: application/octet-stream;

Content-Transfer-Encoding: base64

Content-Disposition: inline; filename="aaa.exe"


I've seen at all.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »