Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web application that allows remote
code execution.

Description :

The Trend Micro Control Manager installation on the remote Windows host is
missing Critical Patch 1613. As such, the included CmdProcessor.exe
component is affected by a remote stack-based buffer overflow
vulnerability in the 'CGenericScheduler::AddTask' function of
cmdHandlerRedAlertController.dll. By sending a specially crafted IPC
packet to the service, which listens by default on TCP port 20101, an
unauthenticated, remote attacker could leverage this issue to execute
arbitrary code in the context of the user under which the service
runs, which is SYSTEM by default.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-345
http://seclists.org/fulldisclosure/2011/Dec/204
http://www.nessus.org/u?5a60584c

Solution :

Upgrade to Trend Micro Control Manager 5.5 if necessary and apply
Critical Patch 1613.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 57062

Bugtraq ID: 50965

CVE ID: CVE-2011-5001
