In association with heise online

21 February 2007, 10:38

Buffer overflow in Trend Micro's ServerProtect

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers have the possibility in Trend Micro's antivirus products of causing a buffer overflow and then injecting malicious code. The flawed libraries StCommon.dll and eng50.dll can be reached by remote procedure call (RPC) on TCP port 5168. In several functions called by these means, the values transferred can cause a buffer overflow because they are copied into buffers of limited size.

Code injected via this hole then runs with system rights; attackers do not need to be logged in. Trend Micro is providing updates that administrators should install as quickly as possible for the affected versions: ServerProtect for Windows 5.58, ServerProtect for Network Appliance Filer 5.62 and ServerProtect for EMC Celerra 5.58. For ServerProtect for EMC 5.58 and ServerProtect for Network Appliance Filer 5.61, Trend Micro will be providing patches on the 19th and 29th of March 2007, respectively.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit