Both Trend Micro and F-Secure recently found themselves in the rather embarrassing situation of having to plug holes in their own software so consumers would stop being vulnerable to attacks.
F-Secure released a patch for a vulnerability found in its Internet Security, Anti-Virus, Linux and Protection Service product families. Apparently, a specially crafted compressed file could be used to trigger a buffer overflow, thus granting the attacker full control of the system.
Next stop? Run arbitrary code, infect the machine, have the IT man spend extra hours fixing the damage.
In the meantime, Trend Micro’s update was aimed at its OfficeScan product. This time, the attacker would’ve been able to cause a buffer overflow in the software’s server CGI module by using a malformed HTTP request.
Someone sitting in a Redmond office feels avenged.