Stack-based Buffer Overflow in Trend Micro Control Manager 5.5
CVE-2011-5001

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Control Manager
Vendor: CVE Published:; 25 December 2011

Summary

A buffer overflow vulnerability exists in the CGenericScheduler::AddTask function within cmdHandlerRedAlertController.dll of Trend Micro Control Manager 5.5 prior to Build 1613. This flaw allows remote attackers to execute arbitrary code by sending a specially crafted Inter-Process Communication (IPC) packet to TCP port 20101. Proper validation of input data is essential to prevent exploitation.

References

http://www.securityfocus.com/archive/1/520780/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id?1026390

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/71681

vdb-entryx_refsource_XF

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 25, 2011
Vulnerability Reserved
Dec 24, 2011