In association with heise online

22 August 2007, 10:15

Multiple security vulnerabilities in Trend Micro products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider iDefense has discovered multiple security vulnerabilities in Trend Micro security products for enterprise and home users. Attackers can exploit these to inject malicious code, and local users can escalate their access privileges.

Buffer overflows in multiple services in Trend Micro's ServerProtect can lead to execution of injected code. The affected services, SpntSvc.exe, StRpcSrv.dll, Stcommon.dll, Eng50.dll and Notification.dll, are remotely accessible via the remote procedure call interface (RPC) on TCP port 5168, and copy data passed by callers into fixed size buffers. This enables local, and possibly remote, attackers to exploit the vulnerabilities.

Creating files in folders with excessively long names may cause a buffer overflow to occur in Trend Micro's Internet Security Suite 2007 and in the vstlib32.dll anti-spyware library. The library uses a callback to the ReadDirectoryChangesW function in order to receive notification of changes to the file system, so the buffer overflow is triggered as soon as the file is created. Attackers can exploit the bug locally or via shared network drives in order to execute arbitrary program code with system privileges.

Service Pack 4 for Trend Micro's ServerProtect 5.58, which fixes these bugs, has now been released. Trend Micro has released a hotfix for Internet Security Suite 2007 and their anti-spyware products, which users should download and install as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit