hey all, i found this today and i know some of you use this program so i thought id post it so you can secure it and not have to worry. The hole story is here:

Trend Micro PC-cillin Scanner Buffer Overflow May Let Local Users Gain Elevated Privileges

SecurityTracker Alert ID: 1005781
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Dec 10 2002

Impact: Execution of arbitrary code via local system, User access via local system

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Version(s): 2000, 2002, 2003

Description: A buffer overflow vulnerability was reported in Trend Micro's PC-cillin e-mail scanner. A local user could execute arbitrary code, possibly to gain elevated privileges.

Texonet reported that there is a buffer overflow in pop3trap.exe. According to the report, a local user could connect to the local port 110 and send a specially crafted string to trigger the overflow and overwrite the EIP register. This could cause arbitrary code to be executed with the privileges of the user running pop3trap.exe.

Some demonstration exploit examples are provided:

Example 1: perl -e " print \"a\"x1100" |nc 110

Example 2:[put 1100 a's here]

Impact: A local user can execute arbitrary code with the privileges of the user runnin PC-cillin.

Solution: The vendor has released a fix. For users of PC-cillin 2000, Trend Micro recommend that you upgrade to PC-cillin 2002 or 2003 and apply the Service Packs listed below.

For users of PC-cillin 2002 and 2003:

1. Download the appropriate Service Pack:

For PC-cillin 2003: 2003_pop3_1163en.zip (For English), 388.1KB:


For PC-cillin 2002: 2002_pop3_1357en.zip (For English), 183.8KB:


Then, unzip the contents of the service pack into a temporary directory. For more information on how to extract the contents of a ZIP file, refer to Solution 12254:


Then, Double-click the executable file (or *.exe) to replace your existing POP3 trap. You can refer to the readme.txt file included in the service pack for more information.

German, French, Spanish and Italian versions of the Hotfix against the buffer overflow vulnerability, can be found in Solution 13009:


For additional information, see the Vendor's advisory at:


Vendor URL: kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982 (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Reported By: advisories@texonet.com (advisories@texonet.com)