Lucene search

SAINT CorporationSAINT:730562FB4506D49DEB7171E0197FEA0A

HistoryJan 16, 2012 - 12:00 a.m.

Trend Micro Control Manager AddTask buffer overflow

2012-01-1600:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.948 High

EPSS

Percentile

99.3%

JSON

Added: 01/16/2012
CVE: CVE-2011-5001
BID: 50965
OSVDB: 77585

Background

Trend Micro Control Manager streamlines administration of Trend Micro security solutions.

Problem

A buffer overflow vulnerability in the **AddTask** function allows remote attackers to execute arbitrary code by sending a specially crafted IPC packet to the **CmdProcessor.exe** service.

Resolution

Upgrade to Trend Micro Control Manager 5.5 build 1613 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-345/>
<http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt>

Limitations

Exploit works on Trend Micro Control Manager 5.5 B1250.

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.948 High

EPSS

Percentile

99.3%

JSON

Related for SAINT:730562FB4506D49DEB7171E0197FEA0A