PT-2007-7244 · Trend Micro · Trend Micro Antivirus Plus Antispyware 2008

Published: 2007-12-15 · Updated: 2017-08-08 · CVE-2007-6386

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Trend Micro AntiVirus plus AntiSpyware 2008 versions prior to build 1451
Trend Micro Internet Security 2008 versions prior to build 1451
Trend Micro Internet Security Pro 2008 versions prior to build 1451

Description

The issue is a stack-based buffer overflow in the PccScan.dll file. It can be triggered by a malformed .zip archive with a long name. Exploitation can lead to a denial of service, causing SfCtlCom.exe to crash, and can also allow local users to gain privileges. The vulnerability can be exploited via a crafted .uue file that utilizes format string specifiers to create a malicious .zip file.

Recommendations

For Trend Micro AntiVirus plus AntiSpyware 2008 versions prior to build 1451, update to build 1451 or later to resolve the issue.
For Trend Micro Internet Security 2008 versions prior to build 1451, update to build 1451 or later to resolve the issue.
For Trend Micro Internet Security Pro 2008 versions prior to build 1451, update to build 1451 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of .zip archives with long names until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-6386

Affected Products

Trend Micro Antivirus Plus Antispyware 2008
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008