SafeInput - Trend Micro ServerProtect flaws disclosed - Vulnerabilities & Exploits


	Login


Username: Password: Lost Password? Register now!


	Did you know?


What is SafeInput? More details...


	Random FAQ


Is there a fee to becoming a partner? Answer here!

Vulnerabilities & Exploits : Trend Micro ServerProtect flaws disclosed

Posted by glm on 2008/12/22 18:21:46 (25 reads)

By :Frank Washkuch

May 9, 2007 9:48 AM

Trend Micro made patches available for the flaws last month.

One flaw is caused by a stack overflow error when processing specially created RPC requests sent to port 54168/TCP, according to FrSIRT, the French Security Incident Response Team. The flaw could be used to crash the SpntSvc.exe daemon or to execute arbitrary code.

Another flaw is caused by a stack overflow error when handling specially crafted calls sent to port 3628/TCP. That error can be exploited to crash the EarthAgent.exe daemon, according to FrSIRT.

Secunia ranked both flaws as %26quot;moderately critical%26quot; in a Monday advisory, adding that they affect ServerProtect version 5.58.

Other flaws exist in program functions when processing malformed arguments. They can also be exploited to execute arbitrary code, according to FrSIRT.

Authentication is not required for exploitation of either flaw, according to advisories from TippingPoint%26rsquo;s ZeroDay Initiative.

Trend Micro patched the flaws, which affect various versions of Windows 2000, Windows NT and Windows 2003, in bulletins released on 18 April.

Source from:

Previous article - Next article

Other articles
2009/2/4 23:20:16 - Cloud computing is a storage spot for malware
2009/2/4 23:20:15 - Microsoft responds to Windows 7 security gripe
2009/2/4 23:20:12 - Web identity hijacking on the rise
2009/2/4 23:20:12 - Google glitch puts surfers in a quandary
2009/2/4 23:20:11 - Facebook plays down privacy concerns
2009/2/4 23:20:10 - Australian Computer Society to use Sophos security solution
2009/2/4 23:20:09 - Google working on fix for clickjacking vulnerability in Chrome
2009/2/4 23:20:08 - McAfee: Malware will use web and USB sticks to spread in 2009
2009/2/4 23:20:07 - With economy in tailspin, Monster discloses major breach
2009/2/4 23:20:06 - OS X 'pirate' trojan resurfaces
2009/2/4 23:20:05 - IE 8 approaching on formal release
2009/2/4 23:20:04 - Companies warned over use of Netbooks
2009/2/4 23:20:03 - Trend Micro signs up with BigFix
2009/2/4 23:17:08 - Banks urged to change security policies
2009/2/4 23:17:08 - Heartland incident provides opportunity to standardise data breach notification laws

The comments are owned by the poster. We aren't responsible for their content.

Articles