Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Arbitrary Remote Code Execution

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

It is possible to execute code on the remote host through the
antivirus agent.

Description :

The remote version of Trend Micro ServerProtect exposes multiple
insecure methods through its RPC interface that let an unauthenticated
remote attacker list, read and write to arbitrary files on the
affected host.

By sending legitimate requests to the remote service, an attacker may
be able to exploit those functions to execute code with SYSTEM
privileges.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-07-077.html
http://seclists.org/bugtraq/2007/Dec/220

Solution :

Reports suggest that the issues have been addressed in Security Patch
5 rather than 4 as ZDI states.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 29724 ()

Bugtraq ID: 26912

CVE ID: CVE-2007-6507

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now