CVE-2008-0014
https://notcve.org/view.php?id=CVE-2008-0014
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. Un Desbordamiento de búfer en la memoria libre para la reserva dinámica (heap) en un procedimiento no especificado de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, posiblemente relacionados con la configuración del producto, una vulnerabilidad diferente que CVE-2008-0012 y CVE-2008-0013. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/310.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-5269
https://notcve.org/view.php?id=CVE-2006-5269
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface. Desbordamiento de búfer en la memoria libre para la reserva dinámica (heap) en un procedimiento no especificado de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, probablemente relacionados con una interfaz RPC. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/308.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/31113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0012
https://notcve.org/view.php?id=CVE-2008-0012
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. Desbordamiento de búfer en la memoria libre para la reserva dinámica (heap) en un procedimiento desconocido de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, posiblemente relacionados con la configuración del producto, una vulnerabilidad diferente de CVE-2008-0012 y CVE-2008-0013. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/310.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39918 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4731 – Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-4731
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. Desbordamiento de búfer basado en pila en la función TMregChange de TMReg.dll de Trend Micro SErverProtect anterir a 5.58 Security Patch 4 permite a atacantes remotos ejecutar código de su elección mediante un paquete manipulado al puerto TCP 5005. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange() exported by TMReg.dll which is reachable through the custom protocol subcode "\x15\x00\x00\x00". The TCP socket bound to port 5005 receives user-supplied data which is copied without proper bounds checking to a stack-based buffer. • http://osvdb.org/45878 http://securityreason.com/securityalert/3128 http://securitytracker.com/id?1018594 http://www.securityfocus.com/archive/1/478867/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-051.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36512 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2508 – Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2508
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. Múltiples desbordamientos de búfer en la región?? stack de la memoria en Trend Micro ServerProtect versión 5.58 anterior al parche de seguridad 2 Build 1174, permite a los atacantes remotos ejecutar código arbitrario por medio de datos creados para (1) el puerto TCP 5168, que desencadena un desbordamiento en la función CAgRpcClient::CreateBinding en AgRpcCln. en la biblioteca DLL en el archivo SpntSvc.exe; o (2) el puerto TCP 3628, que activa un desbordamiento en el archivo EarthAgent.exe. NOTA: ambos problemas son accesibles por medio de la biblioteca TmRpcSrv.dll. • https://www.exploit-db.com/exploits/16828 https://www.exploit-db.com/exploits/16829 https://www.exploit-db.com/exploits/29964 http://osvdb.org/35789 http://osvdb.org/35790 http://secunia.com/advisories/25186 http://securitytracker.com/id?1018010 http://www.kb.cert.org/vuls/id/488424 http://www.kb.cert.org/vuls/id/515616 http://www.securityfocus.com/archive/1/467932/100/0/threaded http://www.securityfocus.com/archive/1/467933/100/0/threaded http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •