Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
BID:25396
Info
Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
| Bugtraq ID: | 25396 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4219 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 21 2007 12:00AM |
| Updated: | Sep 05 2007 05:12PM |
| Credit: | Discovery is credited to Jun Mao of iDefense Labs. |
| Vulnerable: |
Trend Micro ServerProtect for Windows 5.58 |
| Not Vulnerable: | |
Discussion
Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
Trend Micro ServerProtect is prone to an interger-overflow vulnerability that is exploitable over RPC.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
This issue was reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.
Trend Micro ServerProtect is prone to an interger-overflow vulnerability that is exploitable over RPC.
Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.
This issue was reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.
Exploit / POC
Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
Solution:
The vendor has released Security Patch 4 to address these issues. Please see the references for more information.
Solution:
The vendor has released Security Patch 4 to address these issues. Please see the references for more information.
References
Trend Micro ServerProtect RPCFN_SYNC_TASK Remote Integer Vulnerability
References:
References:
- ServerProtect Security Patch 4 (Trend Micro)
- Trend Micro Homepage (Trend Micro)
- iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK (iDefense Labs
- VU#959400 Trend Micro ServerProtect Integer Overflow Vulnerability (US-CERT)