Trend Micro ServerProtect ENG_SendEMail() stack buffer overflow

2007-02-2100:00:00

www.kb.cert.org

0.954 High

EPSS

Percentile

99.4%

JSON

Overview

Trend Micro ServerProtect contains a stack-based buffer overflow.

Description

Trend Micro ServerProtect fails to properly handle data passed to the ENG_SendEMail() routine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially crafted RPC packet to an affected Trend Micro ServerProtect installation.

For more information refer to Trend Micro Solution ID: 1034290.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

Solution

Apply a patch

Trend Micro has addressed this vulnerability with Security Patch 1- Build 1171.

Vendor Information

349393

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Trend Micro __ Affected

Updated: February 21, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290> and <http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt>.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23349393 Feedback>).