N/A

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.

N/A

N/A

Trend Micro Anti-Spyware和PC-cillin SSAPI引擎本地栈溢出漏洞

Anti-Spyware和PC-cillin都是趋势科技发布的杀毒软件产品。 Anti-Spyware和PC-cillin的vstlib32.dll库中的VST函数中存在栈溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 如果攻击者在本地文件系统创建了有超长路径(超过max_path字符限制)的文件的话，则vstlib32从操作系统接收到了ReadDirectoryChangesW回调通知的时候就会在SSAPI模块中触发栈溢出，导致以系统权限执行任意指令。

N/A

N/A