Trend Micro ServerProtect AgRpcCln.dll Buffer Overflow

Critical Nessus Plugin ID 25171


The remote service is vulnerable to a remote buffer overflow attack.


The remote version of Trend Micro ServerProtect is vulnerable to a stack overflow involving the 'wcscpy' function in the routine 'CAgRpcClient::CreateBinding' of the AgRpcCln.dll library. An unauthenticated, remote attacker may be able to leverage this issue with specially crafted RPC requests to its SpntSvc.exe daemon to execute arbitrary code on the remote host.

Note that by default, Trend Micro services run with LocalSystem privileges.


Apply Security Patch 3 - Build 1176 or later.

Plugin Details

Severity: Critical

ID: 25171

File Name: trendmicro_serverprotect_agrpccln_overflow.nasl

Version: $Revision: 1.17 $

Type: remote

Agent: windows

Family: Windows

Published: 2007/05/09

Modified: 2016/11/03

Dependencies: 24679

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:serverprotect

Required KB Items: Antivirus/TrendMicro/ServerProtect

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/04/13

Vulnerability Publication Date: 2007/05/08

Exploitable With

Metasploit (Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow)

Reference Information

CVE: CVE-2007-2528

BID: 23868

OSVDB: 35793