CVE-2007-2508
Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
Múltiples desbordamientos de búfer en la región?? stack de la memoria en Trend Micro ServerProtect versión 5.58 anterior al parche de seguridad 2 Build 1174, permite a los atacantes remotos ejecutar código arbitrario por medio de datos creados para (1) el puerto TCP 5168, que desencadena un desbordamiento en la función CAgRpcClient::CreateBinding en AgRpcCln. en la biblioteca DLL en el archivo SpntSvc.exe; o (2) el puerto TCP 3628, que activa un desbordamiento en el archivo EarthAgent.exe. NOTA: ambos problemas son accesibles por medio de la biblioteca TmRpcSrv.dll.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll:
/* opcode: 0x00, address: 0x65741030 */ error_status_t sub_65741030 ( [in] handle_t arg_1, [in] long arg_2, [in][size_is(arg_4)] byte arg_3[], [in] long arg_4, [out][size_is(arg_6)] byte arg_5[], [in] long arg_6 );
A sub-function within this interface is vulnerable to a stack overflow due an unbounded call to wcscpy() within the routine CAgRpcClient::CreateBinding() defined in AgRpcCln.dll library.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-05-07 CVE Reserved
- 2007-05-07 CVE Published
- 2007-05-07 First Exploit
- 2024-05-26 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/35789 | Vdb Entry | |
| http://osvdb.org/35790 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/488424 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/515616 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/467932/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/467933/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/23868 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34162 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34163 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25186 | 2018-10-16 | |
| http://securitytracker.com/id?1018010 | 2018-10-16 | |
| http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt | 2018-10-16 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/1689 | 2018-10-16 | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-024.html | 2018-10-16 | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-025.html | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Serverprotect Search vendor "Trend Micro" for product "Serverprotect" | <= 5.58 Search vendor "Trend Micro" for product "Serverprotect" and version " <= 5.58" | - |
Affected
| ||||||