CVE-2011-5001

Description

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.

References

http://secunia.com/advisories/47114

http://www.securityfocus.com/archive/1/520780/100/0/threaded

http://www.securitytracker.com/id?1026390

http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt

http://www.zerodayinitiative.com/advisories/ZDI-11-345/

https://exchange.xforce.ibmcloud.com/vulnerabilities/71681

Details

Source: MITRE

Published: 2011-12-25

Modified: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
57765	Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow (uncredentialed check)	Nessus	Gain a shell remotely	critical
57062	Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow	Nessus	Windows	high