Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Arbitrary Remote Code Execution
Critical Nessus Plugin ID 29724
SynopsisIt is possible to execute code on the remote host through the antivirus agent.
DescriptionThe remote version of Trend Micro ServerProtect exposes multiple insecure methods through its RPC interface that let an unauthenticated remote attacker list, read and write to arbitrary files on the affected host.
By sending legitimate requests to the remote service, an attacker may be able to exploit those functions to execute code with SYSTEM privileges.
SolutionReports suggest that the issues have been addressed in Security Patch 5 rather than 4 as ZDI states.