Detections
Analytics

Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow

high Nessus Plugin ID 57062

Language:

Synopsis

The remote Windows host contains a web application that allows remote code execution.

Description

The Trend Micro Control Manager install on the remote Windows host is missing Critical Patch 1613. As such, the included CmdProcessor.exe component is affected by a remote stack-based buffer overflow vulnerability in the 'CGenericScheduler::AddTask' function of cmdHandlerRedAlertController.dll. By sending a specially crafted IPC packet to the service, which listens by default on TCP port 20101, an unauthenticated, remote attacker could leverage this issue to execute arbitrary code in the context of the user under which the service runs, which is SYSTEM by default.

Solution

Upgrade to Trend Micro Control Manager 5.5 if necessary and apply Critical Patch 1613.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-345/

https://seclists.org/fulldisclosure/2011/Dec/204

http://www.nessus.org/u?5a60584c

Plugin Details

Severity: High

ID: 57062

File Name: tmcm_cmdprocessor_addtask_bof.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 12/9/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/10/2011

Vulnerability Publication Date: 11/10/2011

Exploitable With

Core Impact

Metasploit (TrendMicro Control Manger CmdProcessor.exe Stack Buffer Overflow)

Reference Information

CVE: CVE-2011-5001

BID: 50965