Remote Code Execution Vulnerability in Trend Micro ServerProtect 5.58
CVE-2007-6507

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Serverprotect
Vendor: CVE Published:; 20 December 2007

Summary

The SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, prior to Security Patch 4, is vulnerable due to the exposure of dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface. This flaw allows remote attackers to gain full file system access and execute arbitrary code, compromising the integrity and security of the affected system.

References

http://osvdb.org/44318

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/26912

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-07-077.html

x_refsource_MISC

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 20, 2007