| Vulnerability Name: | CVE-2007-4218 (CCN-36172) | ||||||||
| Assigned: | 2007-08-21 | ||||||||
| Published: | 2007-08-21 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-189 CWE-119 CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4218 Source: IDEFENSE Type: UNKNOWN 20070821 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SA26523 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 26523 Source: SREASON Type: UNKNOWN 3052 Source: CCN Type: SECTRACK ID: 1018594 Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1018594 Source: CCN Type: US-CERT VU#109056 Trend Micro ServerProtect RPC buffer overflows Source: CERT-VN Type: US Government Resource VU#109056 Source: CCN Type: US-CERT VU#204448 Trend Micro ServerProtect Agent service RPC stack-buffer overflow Source: CERT-VN Type: US Government Resource VU#204448 Source: BUGTRAQ Type: UNKNOWN 20070907 ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability Source: BID Type: Patch 25395 Source: CCN Type: BID-25395 Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities Source: CCN Type: Trend Micro Web site Product Updates Source: CONFIRM Type: UNKNOWN http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt Source: CERT Type: US Government Resource TA07-235A Source: VUPEN Type: Vendor Advisory ADV-2007-2934 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-07-050.html Source: XF Type: UNKNOWN serverprotect-strpcsrv-bo(36172) Source: XF Type: UNKNOWN serverprotect-strpcsrv-bo(36172) Source: XF Type: UNKNOWN serverprotect-stcommondll-bo(36174) Source: XF Type: UNKNOWN serverprotect-eng50dll-bo(36175) Source: XF Type: UNKNOWN serverprotect-notification-bo(36176) Source: XF Type: UNKNOWN serverprotect-agent-rpcfncopyausrc-bo(36178) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.21.07 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: ZDI-07-050 Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2007-4218 (CCN-36174) | ||||||||
| Assigned: | 2007-08-21 | ||||||||
| Published: | 2007-08-21 | ||||||||
| Updated: | 2007-08-21 | ||||||||
| Summary: | Trend Micro ServerProtect is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the RPCFN_CMON_SetSvcImpersonateUser and RPCFN_OldCMON_SetSvcImpersonateUser functions in the Stcommon.dll library. By sending a specially-crafted RPC request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4218 Source: CCN Type: SA26523 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SECTRACK ID: 1018594 Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code Source: CCN Type: US-CERT VU#109056 Trend Micro ServerProtect RPC buffer overflows Source: CCN Type: US-CERT VU#204448 Trend Micro ServerProtect Agent service RPC stack-buffer overflow Source: CCN Type: BID-25395 Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities Source: CCN Type: Trend Micro Web site Product Updates Source: XF Type: UNKNOWN serverprotect-stcommondll-bo(36174) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.21.07 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities | ||||||||
| Vulnerability Name: | CVE-2007-4218 (CCN-36175) | ||||||||
| Assigned: | 2007-08-21 | ||||||||
| Published: | 2007-08-21 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 CWE-119 CWE-189 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4218 Source: CCN Type: SA26523 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SECTRACK ID: 1018594 Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code Source: CCN Type: US-CERT VU#109056 Trend Micro ServerProtect RPC buffer overflows Source: CCN Type: US-CERT VU#204448 Trend Micro ServerProtect Agent service RPC stack-buffer overflow Source: CCN Type: BID-25395 Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities Source: CCN Type: Trend Micro Web site Product Updates Source: XF Type: UNKNOWN serverprotect-eng50dll-bo(36175) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.21.07 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities | ||||||||
| Vulnerability Name: | CVE-2007-4218 (CCN-36176) | ||||||||
| Assigned: | 2007-08-21 | ||||||||
| Published: | 2007-08-21 | ||||||||
| Updated: | 2007-08-21 | ||||||||
| Summary: | Trend Micro ServerProtect is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the NTF_SetPagerNotifyConfig function in the Notification.dll library. By sending a specially-crafted RPC request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4218 Source: CCN Type: SA26523 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SECTRACK ID: 1018594 Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code Source: CCN Type: US-CERT VU#109056 Trend Micro ServerProtect RPC buffer overflows Source: CCN Type: US-CERT VU#204448 Trend Micro ServerProtect Agent service RPC stack-buffer overflow Source: CCN Type: BID-25395 Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities Source: CCN Type: Trend Micro Web site Product Updates Source: XF Type: UNKNOWN serverprotect-notification-bo(36176) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.21.07 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities | ||||||||
| Vulnerability Name: | CVE-2007-4218 (CCN-36178) | ||||||||
| Assigned: | 2007-08-21 | ||||||||
| Published: | 2007-08-21 | ||||||||
| Updated: | 2007-08-21 | ||||||||
| Summary: | Trend ServerProtect Agent service is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the RPCFN_CopyAUSrc function. By sending a specially-crafted RPC request to the SpntSvc.exe service on TCP port 3628, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-4218 Source: CCN Type: SA26523 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities Source: CCN Type: SECTRACK ID: 1018594 Trend Micro ServerProtect Buffer Overflows in ServerProtect Modules Let Remote Users Execute Arbitrary Code Source: CCN Type: US-CERT VU#109056 Trend Micro ServerProtect RPC buffer overflows Source: CCN Type: US-CERT VU#204448 Trend Micro ServerProtect Agent service RPC stack-buffer overflow Source: CCN Type: BID-25395 Trend Micro ServerProtect Multiple RPC Remote Buffer Overflow Vulnerabilities Source: CCN Type: Trend Micro Web site Product Updates Source: XF Type: UNKNOWN serverprotect-agent-rpcfncopyausrc-bo(36178) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 08.21.07 Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities | ||||||||
| BACK | |||||||||