JVN#80126589
CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
Overview
CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables.
This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro's anti-virus product. For details of this vulnerability, please refer to the information provided by TrendMicro.
This vulnerability is different from "JVN#77366274: CCC Cleaner buffer overflow vulnerability."
Products Affected
- CCC Cleaner (CCC pattern Ver:321 and earlier)
Description
Impact
When CCC cleaner scans a malicious UPX-packed executable file, CCC cleaner or the system itself may crash.
Solution
Vendor Status
| Vendor | Link |
| JPCERT Coordination Center |
http://www.jpcert.or.jp/pr/2007/pr070003.pdf |
| Cyber Clean Center |
https://www.ccc.go.jp/index.html |
|
https://www.ccc.go.jp/flow/index.html |
References
- Trend Micro Incorporated
http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2061483&id=JP-2061483
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.03.12
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
| Exploit Complexity | Medium-High - expertise and/or luck required (guessing correctly in medium-sized space, kernel expertise) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2007-000199 |