Trend Micro ServerProtect AgRpcCln.dll Buffer Overflow
Critical Nessus Plugin ID 25171
SynopsisThe remote service is vulnerable to a remote buffer overflow attack.
DescriptionThe remote version of Trend Micro ServerProtect is vulnerable to a stack overflow involving the 'wcscpy' function of the routine 'CAgRpcClient::CreateBinding' in AgRpcCln.dll library. An unauthenticated, remote attacker may be able to leverage this issue with specially crafted RPC requests to its SpntSvc.exe daemon to execute arbitrary code on the remote host.
Note that by default, Trend Micro services run with LocalSystem privileges.
SolutionApply Security Patch 3 - Build 1176 or later.