Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities

Trend Micro ServerProtect is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Nine buffer-overflow vulnerabilities affect the 'SpntSvc.exe' and agent services that listen on TCP ports 5168 and 3628. Attackers may exploit these vulnerabilities over RPC interfaces that are exposed by the vulnerable application.

Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service.

These issues were reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus