Trend Micro ServerProtect AgRpcCln.dll Buffer Overflow

critical Nessus Plugin ID 25171

Synopsis

The remote service is vulnerable to a remote buffer overflow attack.

Description

The remote version of Trend Micro ServerProtect is vulnerable to a stack overflow involving the 'wcscpy' function of the routine 'CAgRpcClient::CreateBinding' in AgRpcCln.dll library. An unauthenticated, remote attacker may be able to leverage this issue with specially crafted RPC requests to its SpntSvc.exe daemon to execute arbitrary code on the remote host.

Note that by default, Trend Micro services run with LocalSystem privileges.

Solution

Apply Security Patch 3 - Build 1176 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-025/

https://seclists.org/bugtraq/2007/May/89

http://www.nessus.org/u?6b7dccdd

Plugin Details

Severity: Critical

ID: 25171

File Name: trendmicro_serverprotect_agrpccln_overflow.nasl

Version: 1.19

Type: remote

Agent: windows

Family: Windows

Published: 5/9/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:trend_micro:serverprotect

Required KB Items: Antivirus/TrendMicro/ServerProtect

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2007

Vulnerability Publication Date: 5/8/2007

Exploitable With

Metasploit (Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow)

Reference Information

CVE: CVE-2007-2528

BID: 23868