Lucene search

SAINT CorporationSAINT:0DC85BE71D149A4C3D722E5E4EB744F9

HistoryJan 24, 2006 - 12:00 a.m.

Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow

2006-01-2400:00:00

SAINT Corporation

download.saintcorporation.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.705 High

EPSS

Percentile

97.7%

JSON

Added: 01/24/2006
CVE: CVE-2005-1929
BID: 15865
OSVDB: 21771

Background

ServerProtect is a virus scanner for servers.

Problem

A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll.

Resolution

Use the workaround described in the iDEFENSE advisory.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=353>

Limitations

Works on Trend Micro Control Manager 3.0. Since this is a heap overflow, the success of the exploit depends on the system state.

Platforms

Windows 2000

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.705 High

EPSS

Percentile

97.7%

JSON

Related for SAINT:0DC85BE71D149A4C3D722E5E4EB744F9