Published:2011/05/17 Last Updated:2011/05/17
JVN#99175647
Virus Buster 2009 key input encryption function vulnerability
Overview
Virus Buster 2009 contains a vulnerability within the key input encryption function.
Products Affected
- Virus Buster 2009
Description
The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted.
Impact
When input information is stolen by a key logger, portions of the information may be leaked in plaintext.
Solution
Update the Software
Update to Virus Buster 2010 or 2011 according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Trend Micro Incorporated | vulnerable | 2011/05/17 | http://esupport.trendmicro.co.jp/Pages/JP-2079186.aspx |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2011-1327 |
| JVN iPedia |
JVNDB-2011-000028 |