Vulnerability Note VU#630025
Trend Micro ServerProtect fails ENG_SetRealTimeScanConfigInfo() stack buffer overflow
Overview
Trend Micro ServerProtect contains a stack-based buffer overflow.
Description
Trend Micro ServerProtect fails to properly handle data passed to the ENG_SetRealTimeScanConfigInfo()routine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially crafted RPC packet to an affected Trend Micro ServerProtect installation. For more information refer to Trend Micro Solution ID: 1034290. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. |
Solution
Apply a patch Trend Micro has addressed this vulnerability with Security Patch 1- Build 1171. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Trend Micro | Affected | - | 21 Feb 2007 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
- http://www.tippingpoint.com/security/advisories/TSRT-07-01.html
- http://www.tippingpoint.com/security/advisories/TSRT-07-02.html
Credit
This vulnerability was reported by Pedram Amini of Tipping Point Security Research Team.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: CVE-2007-1070
- Date Public: 20 Feb 2007
- Date First Published: 21 Feb 2007
- Date Last Updated: 21 Feb 2007
- Severity Metric: 28.69
- Document Revision: 5
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.