MS-RPC: Trend Micro ServerProtect Multiple Buffer Overflows
This signature detects attempts to exploit a known vulnerability in the Trend Micro ServerProtect. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Extended Description
Trend Micro ServerProtect is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges.
Affected Products
Trend_micro serverprotect_for_windows
References
CVE: CVE-2007-4218
URL: http://www.kb.cert.org/vuls/id/349393 http://www.securityfocus.com/archive/1/archive/1/460690/100/0/threaded http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=587 http://esupport.trendmicro.com/support/viewxml.do?contentid=en-1034290 http://www.tippingpoint.com/security/advisories/tsrt-07-02.html http://www.tippingpoint.com/security/advisories/tsrt-07-01.html
Short Name
MS-RPC:TREND-MICRO-RPC
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
Buffer CVE-2007-1070 CVE-2007-4218 Micro Multiple Overflows ServerProtect Trend bid:22639 bid:25395
Release Date
02/22/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Trend_micro
CVSS Score
10.0