
Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.
The three vendors have all acknowledged various security
vulnerabilities in a range of desktop and server products that could
lead to arbitrary code execution, privilege escalation or
denial-of-service conditions.
Trend Micro, which specializes in virus protection software, has issued patches for ServerProtect and the PC-cillin suite.
[SEE: Can you really trust your security vendor?]
The ServerProtect update, rated “moderately critical” by Secunia,
covers boundary errors and integer overflow errors that could be
exploited to launch harmful code on a vulnerable installation. Two
separate alerts from iDefense (here and here) outline the details and potential risks.
iDefense has also discovered a remotely exploitable buffer overflow in Trend Micro Inc.’s SSAPI Engine that could allow attackers to execute arbitrary code with system-level privileges.
The latest black eye for security vendors has also affected Check Point Zone Labs. From an iDefense alert:
Local exploitation of an insecure permission
vulnerability in multiple Check Point Zone Labs products allows
attackers to escalate privileges or disable protection.
The vulnerability specifically exists in the default file Access
Control List (ACL) settings that are applied during installation. When
an administrator installs any of the Zone Labs ZoneAlarm tools, the
default ACL allows any user to modify the installed files. Some of the
programs run as system services. This allows a user to simply replace
an installed ZoneAlarm file with their own code that will later be
executed with system-level privileges.
Exploitation allows local attackers to escalate privileges to the
system level. It is also possible to use this vulnerability to simply
disable protection by moving all of the executable files so that they
cannot start on a reboot.
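The alert quoted above describes installed files whose default ACL lets any user modify binaries that run as system services. As an added example (not from the original post or from iDefense), this PowerShell audit lists service executables and their folders that carry write-capable ACEs for broad groups; the SID list and the rights mask are assumptions to tune for your environment.

```powershell
# Added example: find service binaries (and their folders) that ordinary users can modify.
# The well-known SIDs treated as "any user" are an assumption; extend as needed.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that allow overwriting, replacing, moving or re-ACLing a file or folder entry,
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) as stored in some inheritable ACEs.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments; keep the executable only.
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }   # unreadable ACL: run elevated to cover these paths
    # Ask for SIDs rather than names so the check does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $lowPrivSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{ Path = $Path; Identity = $lowPrivSids[$sid]; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
        }
    }
}

# Group services by executable so a shared binary is checked once, then test the file and its folder.
$byBinary = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, @{ n = 'Binary'; e = { Get-ServiceBinaryPath $_.PathName } } |
    Where-Object { $_.Binary -and (Test-Path -LiteralPath $_.Binary) } |
    Group-Object -Property Binary

$findings = foreach ($group in $byBinary) {
    foreach ($target in $group.Name, (Split-Path -Parent $group.Name)) {
        Get-WeakAce -Path $target |
            Add-Member -NotePropertyName Services -NotePropertyValue ($group.Group.Name -join ',') -PassThru
    }
}
$findings | Sort-Object Path, Identity -Unique | Format-Table -AutoSize -Wrap
```

Any row in the output is a file or folder where a non-administrative group holds write, delete or permission-change rights on something a service loads; tightening that ACL to administrators and SYSTEM closes the gap.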
ClamAV, the open-source anti-virus toolkit recently acquired by Sourcefire, has also struggled with security problems that could lead to sudden denial-of-service crashes. Secunia rates the ClamAV issues as “moderately critical.”





