Talk about having a false sense of security. While Trend Micro security software has always been a crowd favorite, iDefense has found some security leaks that could lead to some massive repercussions.

Security service provider iDefense has found two vulnerabilities in Trend Micro’s antivirus products that allow attackers to inject arbitrary program code and execute it with system rights. In addition, Alwil’s Avast Server Edition virus scanner does not always ask for a password if one is set.

Trend Micro’s virus scanner trips up when processing manipulated UPX-compressed files. The results can be a memory violation that causes the scanner to crash; however, iDefense speculates that it might also be possible to inject code and execute it with the rights of the service. Attackers would then be able to exploit the hole by means of specially prepared e-mails, for instance.[more]

Tags: Bugs