Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
BID:50965
Info
Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
| Bugtraq ID: | 50965 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-5001 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2011 12:00AM |
| Updated: | Feb 24 2012 08:20AM |
| Credit: | Luigi Auriemma |
| Vulnerable: |
Trend Micro Control Manager 5.5 Trend Micro Control Manager 5.0 |
| Not Vulnerable: | |
Discussion
Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
Trend Micro Control Manager is prone to a remote code-execution vulnerability.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the SYSTEM user. Failed attacks will cause denial-of-service conditions.
Trend Micro Control Manager 5.0 and 5.5 are vulnerable; other versions may also be affected.
Trend Micro Control Manager is prone to a remote code-execution vulnerability.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the SYSTEM user. Failed attacks will cause denial-of-service conditions.
Trend Micro Control Manager 5.0 and 5.5 are vulnerable; other versions may also be affected.
Exploit / POC
Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution Vulnerability
References:
References:
- Control Manager 5.5 Release Notes (Trend Micro)
- Trend Micro Control Manager Homepage (Trend Micro)
- TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulner (TippingPoint)