CVSS: 10.0EPSS: 7%CPEs: 2EXPL: 0CVE-2007-0073
https://notcve.org/view.php?id=CVE-2007-0073
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC. Desbordamiento de búfer en memoria libre para la reserva dinámica (heap) en un procedimiento no especificado de Trend Micro ServerProtect 5.7 y 5.58 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, posiblemente relacionados con una operación de lectura de un fichero sobre RPC. • http://blogs.iss.net/archive/trend.html http://secunia.com/advisories/32618 http://www.iss.net/threats/309.html http://www.kb.cert.org/vuls/id/768681 http://www.securityfocus.com/bid/32261 http://www.vupen.com/english/advisories/2008/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39050 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2007-6507 – Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2007-6507
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. El demonio SpntSvc.exe en Trend Micro ServerProtect 5.58 para Windows, anterior al Security Patch 4, expone sub-funciones peligrosas no especificadas de StRpcSrv.dll en la interfaz DCE/RPC, lo cual permite a atacantes remotos obtener "acceso completo al sistema de ficheros" y ejecutar código de su elección. These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll: /* opcode: 0x00, address: 0x65741030 */ error_status_t sub_65741030 ( [in] handle_t arg_1, [in] long arg_2, [in][size_is(arg_4)] byte arg_3[], [in] long arg_4, [out][size_is(arg_6)] byte arg_5[], [in] long arg_6 ); Various sub-functions from StRpcSrv.dll are exposed in this interface and allow for full file system access that can be trivially leveraged to executed arbitrary code. • http://osvdb.org/44318 http://secunia.com/advisories/26523 http://securityreason.com/securityalert/3475 http://www.securityfocus.com/archive/1/485250/100/0/threaded http://www.securityfocus.com/bid/26912 http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt http://www.zerodayinitiative.com/advisories/ZDI-07-077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 0CVE-2007-4731 – Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-4731
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. Desbordamiento de búfer basado en pila en la función TMregChange de TMReg.dll de Trend Micro SErverProtect anterir a 5.58 Security Patch 4 permite a atacantes remotos ejecutar código de su elección mediante un paquete manipulado al puerto TCP 5005. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange() exported by TMReg.dll which is reachable through the custom protocol subcode "\x15\x00\x00\x00". The TCP socket bound to port 5005 receives user-supplied data which is copied without proper bounds checking to a stack-based buffer. • http://osvdb.org/45878 http://securityreason.com/securityalert/3128 http://securitytracker.com/id?1018594 http://www.securityfocus.com/archive/1/478867/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-051.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36512 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4490
https://notcve.org/view.php?id=CVE-2007-4490
Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO. Múltiples desbordamientos de búfer en EarthAgent.exe de Trend Micro ServerProtect 5.58 para Windows anterior al Parche de Seguridad 4 permite a atacantes remotos tener un impacto desconocido mediante ciertas llamadas a funciones RPC a (1) RPCFN_EVENTBACK_DoHotFix o (2) CMD_CHANGE_AGENT_REGISTER_INFO. • http://secunia.com/advisories/26523 http://securityreason.com/securityalert/3052 http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt http://www.vupen.com/english/advisories/2007/2934 https://exchange.xforce.ibmcloud.com/vulnerabilities/36181 •
CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 0CVE-2007-4219
https://notcve.org/view.php?id=CVE-2007-4219
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en la función RPCFN_SYNC_TASK de la biblioteca StRpcSrv.dll, tal y como es usada en el servicio ServerProtect (archivo SpntSvc.exe), en Trend Micro ServerProtect para Windows versiones anteriores a 5.58 Parche de Seguridad 4, permite a atacantes remotos ejecutar código arbitrario por medio de un determinado campo de enteros en un paquete de petición hacia el puerto TCP 5168, lo que desencadena un desbordamiento de búfer. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588 http://secunia.com/advisories/26523 http://securityreason.com/securityalert/3052 http://securitytracker.com/id?1018594 http://www.kb.cert.org/vuls/id/959400 http://www.securityfocus.com/bid/25396 http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt http://www.us-cert.gov/cas/techalerts/TA07-235A.html http://www.vupen.com/english/advisories/2007/2934 https://exchange.xf • CWE-189: Numeric Errors •