Trend Micro Control Manager mrf.exe Stack Overflow

critical Nessus Plugin ID 52044

Synopsis

An application affected by a stack overflow vulnerability is installed on the remote host.

Description

The Trend Micro Control Manager installed on the remote Windows host includes a version of the Message Routing Framework module (mrf.exe) that fails to perform sufficient boundary checks on attacker- controlled data before using to construct an error message. An attacker may be able to leverage this issue to execute arbitrary code on the remote system.

Solution

Upgrade to Trend Micro Control Manager 5.0 Build 2017 / 5.5 Build 1318 and ensure that the file version of the associated mrf.exe is 1.12.0.1156.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-301/

https://seclists.org/fulldisclosure/2011/Jan/314

http://www.nessus.org/u?c969cad7

http://www.nessus.org/u?b358a190

Plugin Details

Severity: Critical

ID: 52044

File Name: trendmicro_control_manager_stack_overflow.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2/21/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2010

Vulnerability Publication Date: 12/17/2010

Reference Information

BID: 45843