Vulnerability Name: | CCN-32594 | ||||||
Published: | 2007-02-20 | ||||||
Updated: | 2007-02-20 | ||||||
Summary: | Trend Micro ServerProtect is vulnerable to a multiple stack-based buffer overflows, caused by improper bounds checking by the ENG_SendEMail() and ENG_SetRealTimeScanConfigInfo() functions in the eng50.dll library. By sending a specially-crafted TCP request containing malicious subcode values, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges. | ||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
CVSS v2 Severity: | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: Trend Micro Solution ID: 1034290 [Vulnerability Response] Buffer overflow in ServerProtect Source: CCN Type: TSRT-07-02 Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities Source: XF Type: UNKNOWN serverprotect-eng50-bo(32594) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |