CVE Vulnerabilities

CVE-2007-3873

Published: Aug 22, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.

Affected Software

Name Vendor Start Version End Version
Pc-cillin_internet_security_2007 Trend_micro 15.3 15.3
Pc-cillin_internet_security_2007 Trend_micro 15.0 15.0
Antispyware Trend_micro 3.5 3.5
Pc-cillin_internet_security_2007 Trend_micro 15.2 15.2
Pc-cillin_internet_security_2007 Trend_micro 15.2_patch 15.2_patch

References