Published:2007/03/12  Last Updated:2008/05/21

CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables


CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables.

This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro's anti-virus product. For details of this vulnerability, please refer to the information provided by TrendMicro.

This vulnerability is different from "JVN#77366274: CCC Cleaner buffer overflow vulnerability."

Products Affected

  • CCC Cleaner (CCC pattern Ver:321 and earlier)
For more information, refer to the vendor's website.



When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash.


Vendor Status


  1. Trend Micro Incorporated

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2007.03.12

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Medium
Exploit Complexity Medium-High - expertise and/or luck required (guessing correctly in medium-sized space, kernel expertise)
  • Medium

Description of each analysis measures


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
JVN iPedia JVNDB-2007-000199

Update History