• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Trend Micro ServerProtect Multiple Remote Insecure Method Exposure Vulnerabilities

Trend Micro ServerProtect is prone to multiple vulnerabilities that let remote attackers gain full access to the filesystem. The issues occur because the application fails to properly restrict access to certain DCE/RPC methods.

With full access to the filesystem, attackers may be able to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers.

These issues were reported to affect ServerProtect 5.58 (Security Patch 3). Earlier versions may also be affected.

Reports indicate that these vulnerabilities have been fixed in Security Patch 4.

UPDATE (August 14, 2008): Reports indicate that Security Patch 4 is still vulnerable, but Security Patch 5 is not.