Buffer overflow in Trend Micro's ServerProtect
Attackers have the possibility in Trend Micro's antivirus products of causing a buffer overflow and then injecting malicious code. The flawed libraries StCommon.dll and eng50.dll can be reached by remote procedure call (RPC) on TCP port 5168. In several functions called by these means, the values transferred can cause a buffer overflow because they are copied into buffers of limited size.
Code injected via this hole then runs with system rights; attackers do not need to be logged in. Trend Micro is providing updates that administrators should install as quickly as possible for the affected versions: ServerProtect for Windows 5.58, ServerProtect for Network Appliance Filer 5.62 and ServerProtect for EMC Celerra 5.58. For ServerProtect for EMC 5.58 and ServerProtect for Network Appliance Filer 5.61, Trend Micro will be providing patches on the 19th and 29th of March 2007, respectively.
- Buffer overflow in ServerProtect, Trend Micro's security advisory
- Download the updates for ServerProtect
- Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities, TippingPoint's security advisory
- Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities, TippingPoint's security advisory