


                                                   JPCERT-AT-2007-0004
                                                             JPCERT/CC
                             February 10, 2007 (Original release date)

                  <<< JPCERT/CC Alert 2007-02-10 >>>

                     Vulnerability in CCC Cleaner

                http://www.jpcert.or.jp/at/2007/at070004.txt

I. Overview


  "CCC Cleaner," provided by Cyber Clean Center
(https://www.ccc.go.jp/), using the Trend Micro AntiVirus scanning 
engine, is affected by a "buffer overflow vulnerability in scanning
UPX archived files" found in the scanning engine.

  This vulnerability can cause an exception error or abnormal OS
termination. For more information on this vulnerability, see the
following URL.

   Alert/Advisory: Buffer overflow vulnerability in the AntiVirus
scanning engine VSAPI 8.0 and later versions in scanning UPX archived
files:
   http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2061390&id=JP-2061390


II. Systems Affected

  The products of the following version provided during the period
from January 25, 2007 to February 9, 2007 are affected by this
vulnerability:

     CCC Cleaner (CCC Pattern Ver: 185)

  If the "CCC Cleaner" folder created at the time of execution
contains the following file, the product is affected by this
vulnerability.

     File name: lpt$vpn.185


III. Solution

  Users should stop using vulnerable "CCC Cleaner" products. Also,
users should delete the downloaded file (CCC.com) and the "CCC
Cleaner" folder created when executing it.


IV. Reference Information

   JP Vendor Status Notes JVNVU#276432
   Trend Micro AntiVirus fails to properly process malformed UPX
     packed executables
   http://jvn.jp/cert/JVNVU%23276432/index.html

   Information on Vulnerability of "CCC Cleaner" Provided at Cyber
     Clean Center
   http://www.jpcert.or.jp/pr/2007/pr070002.pdf

   [Vulnerability Confirmation] Antivirus UPX Parsing Kernel Buffer
     Overflow Vulnerability
   http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289


V. Contact

   Personnel in charge of Cyber Clean Center
   JPCERT Coordination Center
   mail: office@jpcert.or.jp


End

======================================================================
JPCERT Coordination Center (JPCERT/CC)
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/