APP: Trend Micro ServerProtect RPC Stack Overflow
This signature detects attempts to exploit a known vulnerability in the Trend Micro ServerProtect EarthAgent. A successful attack can lead to a buffer overflow and arbitrary remote code execution as SYSTEM.
Extended Description
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
Affected Products
Trend_micro serverprotect
Short Name
APP:TMIC:TREND-SP
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2007-2508 Micro Overflow RPC ServerProtect Stack Trend bid:23866
Release Date
06/14/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/3628,5168
False Positive
Unknown
Vendors
Trend_micro
CVSS Score
10.0