Trend Micro Control Manager mrf.exe Stack Overflow

Critical Nessus Plugin ID 52044


An application affected by a stack overflow vulnerability is installed on the remote host.


The Trend Micro Control Manager installed on the remote Windows host includes a version of the Message Routing Framework module (mrf.exe) that fails to perform sufficient boundary checks on attacker- controlled data before using to construct an error message. An attacker may be able to leverage this issue to execute arbitrary code on the remote system.


Upgrade to Trend Micro Control Manager 5.0 Build 2017 / 5.5 Build 1318 and ensure that the file version of the associated mrf.exe is

See Also

Plugin Details

Severity: Critical

ID: 52044

File Name: trendmicro_control_manager_stack_overflow.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2011/02/21

Modified: 2016/11/03

Dependencies: 10456, 13855

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:trend_micro:control_manager

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/12/16

Vulnerability Publication Date: 2010/12/17

Reference Information

BID: 45843

OSVDB: 72114