Vulnerability

    PC-Cillin

Affected

    PC-Cillin 6.x

Description

    Daniel P. Stasinski found following.  Version 6.x of Trend Micro's
    PC-Cillin Anti-Virus  software can  be subjected  to a  remote DoS
    attack  and  possibly   authorized  relays.    As  part  of   it's
    Java/ActiveX protection, it routes  all http requests through  its
    own internal proxy on port 8431.  Unfortunately, it allows  anyone
    anywhere to connect to that  port and dump enough data  through it
    to  saturate  an  unexpected  victims  connection.    Their tech's
    could not  confirm or  deny if  remote users  are able  to get  an
    outbound connection from the victims system.

Solution

    Trend Micro has been contacted  and they are aware of  the problem
    but have  no plans  for a  hot patch.   They did  say it  would be
    fixed in the next major release (v7.0 ?).