Trend Micro ServerProtect Multiple Remote Overflows

Critical Nessus Plugin ID 25925


It is possible to execute code on the remote host through the AntiVirus Agent.


The remote version of Trend Micro ServerProtect is vulnerable to multiple buffer overflows in the RPC interface. By sending specially crafted requests to the remote host, an attacker may be able to exploit those overflows and execute arbitrary code on the remote host with SYSTEM privileges.


Trend Micro has released a patch for ServerProtect for Windows / NetWare.

See Also

Plugin Details

Severity: Critical

ID: 25925

File Name: trendmicro_serverprotect_multiple2.nasl

Version: $Revision: 1.22 $

Type: remote

Agent: windows

Family: Windows

Published: 2007/08/22

Modified: 2016/11/23

Dependencies: 24679

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:serverprotect

Required KB Items: Antivirus/TrendMicro/ServerProtect

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/07/27

Exploitable With

ExploitHub (EH-12-229)

Reference Information

CVE: CVE-2007-4218, CVE-2007-4219, CVE-2007-4731

BID: 25395, 25396, 25595

OSVDB: 39750, 39751, 39752, 39753, 39754, 45878

CWE: 20, 119, 189