Multiple security vulnerabilities in Trend Micro products

Security services provider iDefense has discovered multiple security vulnerabilities in Trend Micro security products for enterprise and home users. Attackers can exploit these to inject malicious code, and local users can escalate their access privileges.

Buffer overflows in multiple services in Trend Micro's ServerProtect can lead to execution of injected code. The affected services, SpntSvc.exe, StRpcSrv.dll, Stcommon.dll, Eng50.dll and Notification.dll, are remotely accessible via the remote procedure call interface (RPC) on TCP port 5168, and copy data passed by callers into fixed size buffers. This enables local, and possibly remote, attackers to exploit the vulnerabilities.

Creating files in folders with excessively long names may cause a buffer overflow to occur in Trend Micro's Internet Security Suite 2007 and in the vstlib32.dll anti-spyware library. The library uses a callback to the ReadDirectoryChangesW function in order to receive notification of changes to the file system, so the buffer overflow is triggered as soon as the file is created. Attackers can exploit the bug locally or via shared network drives in order to execute arbitrary program code with system privileges.

Service Pack 4 for Trend Micro's ServerProtect 5.58, which fixes these bugs, has now been released. Trend Micro has released a hotfix for Internet Security Suite 2007 and their anti-spyware products, which users should download and install as soon as possible.

See also:

• Trend Micro SSAPI Long Path Buffer Overflow Vulnerability, security advisory from iDefense
• Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability, security advisory from iDefense
• Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities, security advisory from iDefense
• Hotfix for PC-cillin Internet Security 2007
• Download Service Pack 4 for ServerProtect 5.58
• Overview of the changes in SP4 for Trend Micro's ServerProtect 5.58

(mba)