Buffer Overflow Vulnerabilities in Trend Micro ServerProtect for Windows
CVE-2007-4218

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Serverprotect
Vendor: CVE Published:; 22 August 2007

Summary

Multiple buffer overflow vulnerabilities exist in the ServerProtect service (SpntSvc.exe) of Trend Micro ServerProtect for Windows. These vulnerabilities can be exploited remotely via crafted RPC requests sent to specific TCP ports processed by various functions in the application's DLLs. Attackers could manipulate the vulnerable RPC functions—such as RPCFN_ENG_NewManualScan and RPCFN_SetComputerName—resulting in arbitrary code execution. Users are urged to update to version 5.58 Security Patch 4 or later to mitigate these risks.

References

http://www.kb.cert.org/vuls/id/109056

third-party-advisoryx_refsource_CERT-VN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/36174

vdb-entryx_refsource_XF

EPSS Score

58% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 22, 2007
Vulnerability Reserved
Aug 8, 2007