Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Antispyware | Trend_micro | 3.5 (including) | 3.5 (including) |
| Pc-cillin_internet_security_2007 | Trend_micro | 15.0 (including) | 15.0 (including) |
| Pc-cillin_internet_security_2007 | Trend_micro | 15.2 (including) | 15.2 (including) |
| Pc-cillin_internet_security_2007 | Trend_micro | 15.2_patch (including) | 15.2_patch (including) |
| Pc-cillin_internet_security_2007 | Trend_micro | 15.3 (including) | 15.3 (including) |