An attacker could create a directory structure on the local file system or within a zip file and cause an anti virus client denial of service. A successful attack would disable the anti virus software and could allow an attacker to permanently disable anti virus.
Trend Micro AntiVirus products provide antivirus,
content security, and outbreak management for servers and
Trend Micro OfficeScan
is a centralized virus and security scan management system.
OfficeScan Server cgiRecvFile Buffer Overflow
There exists a buffer overflow vulnerability in Trend Micro's OfficeScan.
The flaw is due to a boundary error when handling HTTP requests.
An unauthenticated remote attacker can leverage this vulnerability to inject and execute arbitrary code with System level privileges on the target system.
The OfficeScan Server cgiRecvFile Buffer Overflow vulnerability was
http://www.securityfocus.com/bid/31139 Bugtraq ID 31139.
To fix the OfficeScan Server cgiRecvFile Buffer Overflow,
Trend Micro OfficeScan 8.0 Critical Patch - Server Build 1361, Trend Micro OfficeScan 8.0 Service Pack 1 Critical Patch - Server Build 2424,
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1 Critical Patch - Server Build 3060, or Trend Micro OfficeScan 7.3 Critical Patch - Server Build 1367.
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact