Vulnerability Note VU#630025
Trend Micro ServerProtect fails ENG_SetRealTimeScanConfigInfo() stack buffer overflow
Trend Micro ServerProtect contains a stack-based buffer overflow.
Trend Micro ServerProtect fails to properly handle data passed to the ENG_SetRealTimeScanConfigInfo()routine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially crafted RPC packet to an affected Trend Micro ServerProtect installation.
For more information refer to Trend Micro Solution ID: 1034290.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Apply a patch
Trend Micro has addressed this vulnerability with Security Patch 1- Build 1171.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Trend Micro||Affected||-||21 Feb 2007|
CVSS Metrics (Learn More)
This vulnerability was reported by Pedram Amini of Tipping Point Security Research Team.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2007-1070
- Date Public: 20 Feb 2007
- Date First Published: 21 Feb 2007
- Date Last Updated: 21 Feb 2007
- Severity Metric: 28.69
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.