Vulnerability Note VU#959400

Trend Micro ServerProtect Integer Overflow Vulnerability

Original Release date: 23 Aug 2007 | Last revised: 23 Aug 2007

Overview

Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code.

Description

Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with centralized management of multiple servers. The ServerProtect architecture includes a management console, an information server, and the server on which ServerProtect is installed.

The ServerProtect executable that runs on the server being protected by the anti-virus engine is called SpntSvc.exe. This executable uses the StRpcSrv.dll library to handle RPC requests on 5168/tcp.

The ServerProtect component contains an integer overflow vulnerability within the RPC function RPCFN_SYNC_TASK. A remote, unauthenticated attacker may be able to trigger the overflow by sending a malformed RPC request to a vulnerable system.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

Solution

Update

Trend Micro has addressed this vulnerability in Security Patch 4 - Build 1185.


Restrict Access

Restricting network access to 5168/tcp to trusted hosts may mitigate this vulnerability.
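
One way to check that the restriction is holding, as an added example that is not part of the original note: the script below reads a firewall log and lists source addresses outside a trusted set that reached, or tried to reach, 5168/tcp. The log layout is assumed to be the Windows Firewall pfirewall.log format (columns are taken from its #Fields header), and the trusted ranges and sample lines are constructed.

```python
import ipaddress

SERVERPROTECT_PORT = "5168"  # RPC port named in the advisory

# Assumption: management hosts allowed to reach the agent (constructed values).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.1.0/28", "10.0.9.5/32")]

# Constructed sample in the Windows Firewall pfirewall.log layout.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-08-23 10:15:02 ALLOW TCP 10.0.1.4 10.0.2.10 49152 5168 0 - 0 0 0 - - - RECEIVE
2007-08-23 10:15:09 ALLOW TCP 192.0.2.77 10.0.2.10 50311 5168 0 - 0 0 0 - - - RECEIVE
2007-08-23 10:15:11 DROP TCP 198.51.100.9 10.0.2.10 50400 5168 0 - 0 0 0 - - - RECEIVE
2007-08-23 10:16:40 ALLOW TCP 192.0.2.77 10.0.2.10 50312 445 0 - 0 0 0 - - - RECEIVE
2007-08-23 10:17:00 ALLOW UDP 192.0.2.77 10.0.2.10 50313 5168 0 - - - - - - - RECEIVE
malformed line
"""

def is_trusted(addr):
    """True if addr falls inside one of the TRUSTED networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)

def audit(log_text):
    """Return (allowed, blocked) lists of untrusted sources that hit 5168/tcp."""
    fields, allowed, blocked = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # header, or a line that does not match the declared layout
        rec = dict(zip(fields, parts))
        if rec["protocol"] != "TCP" or rec["dst-port"] != SERVERPROTECT_PORT:
            continue
        try:
            if is_trusted(rec["src-ip"]):
                continue
        except ValueError:
            continue  # unparseable source address
        (allowed if rec["action"] == "ALLOW" else blocked).append(rec["src-ip"])
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = audit(SAMPLE_LOG)
    print("untrusted sources ALLOWED to 5168/tcp:", allowed)
    print("untrusted sources blocked:", blocked)
```

Any address in the first list means the filter is not restricting 5168/tcp to trusted hosts; the second list shows the filter doing its job.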

Systems Affected

Vendor | Status | Date Notified | Date Updated
Trend Micro | Affected | - | 23 Aug 2007

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

Credit

This vulnerability was discovered by Jun Mao (iDefense Labs).

This document was written by Joseph Pruszynski.

Other Information

  • CVE IDs: CVE-2007-4219
  • Date Public: 21 Aug 2007
  • Date First Published: 23 Aug 2007
  • Date Last Updated: 23 Aug 2007
  • Severity Metric: 5.57
  • Document Revision: 26
