OSVDB ID: 35790

Title: Trend Micro ServerProtect SpntSvc.exe Service AgRpcCln.dll CAgRpcClient::CreateBinding() Function Remote Overflow

Info

Disclosure

May 08, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 03, 2007

Description

A buffer overflow exists in ServerProtect. SpntSvc.exe fails to validate data passed to the CAgRpcClient::CreateBinding() function resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

Products

Trend Micro, Inc.	ServerProtect	5.58
		5.57

References

Security Tracker: 1018010
CVE ID: 2007-2508 (see also: NVD)
Bugtraq ID: 23866 23868
Secunia Advisory ID: 25186
SCIP VulDB ID: 3068
ISS X-Force ID: 34162 34163
Related OSVDB ID: 35789 35791 35792 35793
Metasploit ID: 35790
CERT VU: 488424 515616
VUPEN Advisory: ADV-2007-1689
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0090.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/serverprotect_createbinding
Vendor Specific News/Changelog Entry: http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-025.html
Keyword: TCP port 5168

Credit

Eric Detoisien - eric.detoisienglobal-secure.fr - Global Secure

Direct URL: http://osvdb.org/35790

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Trend Micro, Inc.

ServerProtect

References

Credit