Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow
High Nessus Plugin ID 57062
SynopsisThe remote Windows host contains a web application that allows remote code execution.
DescriptionThe Trend Micro Control Manager install on the remote Windows host is missing Critical Patch 1613. As such, the included CmdProcessor.exe component is affected by a remote stack-based buffer overflow vulnerability in the 'CGenericScheduler::AddTask' function of cmdHandlerRedAlertController.dll. By sending a specially crafted IPC packet to the service, which listens by default on TCP port 20101, an unauthenticated, remote attacker could leverage this issue to execute arbitrary code in the context of the user under which the service runs, which is SYSTEM by default.
SolutionUpgrade to Trend Micro Control Manager 5.5 if necessary and apply Critical Patch 1613.