CVE-2005-1929

high

Description

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

References

http://www.vupen.com/english/advisories/2005/2907

http://www.securityfocus.com/bid/15866

http://www.securityfocus.com/bid/15865

http://www.osvdb.org/21772

http://www.osvdb.org/21771

http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities

http://securitytracker.com/id?1015358

http://securityreason.com/securityalert/257

http://securityreason.com/securityalert/256

http://secunia.com/advisories/18038

http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html

http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html

Details

Source: Mitre, NVD

Published: 2005-12-14

Updated: 2011-03-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High