CVE-2007-1070: Buffer Overflow
First published: Wed Feb 21 2007(Updated: )
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro ServerProtect | =5.61 | |
| Trend Micro ServerProtect | =5.62 | |
| Trend Micro ServerProtect | =5.58 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows 2003 Server | =r2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows NT | ||
| Microsoft Windows Vista | ||
| Microsoft Windows XP | =gold |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.tippingpoint.com/security/advisories/TSRT-07-01.html
- http://www.tippingpoint.com/security/advisories/TSRT-07-02.html
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
- http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt
- http://www.kb.cert.org/vuls/id/349393
- http://www.kb.cert.org/vuls/id/466609
- http://www.kb.cert.org/vuls/id/630025
- http://www.kb.cert.org/vuls/id/730433
- http://www.securityfocus.com/bid/22639
- http://www.securitytracker.com/id?1017676
- http://secunia.com/advisories/24243
- http://osvdb.org/33042
- http://www.vupen.com/english/advisories/2007/0670
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32594
- http://www.securityfocus.com/archive/1/460690/100/0/threaded
- http://www.securityfocus.com/archive/1/460686/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trend micro
- canonical/trend micro serverprotect
- version/trend micro serverprotect/5.61
- version/trend micro serverprotect/5.62
- version/trend micro serverprotect/5.58
- vendor/microsoft
- canonical/microsoft windows 2000
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/r2
- version/microsoft windows 2003 server/sp2
- canonical/microsoft windows nt
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- version/microsoft windows xp/gold