Trend Micro ServerProtect is a virus scanner for servers. It includes the SpntSvc.exe daemon which listens for connections on port 5168/TCP.
A buffer overflow vulnerability in the
**CAgRpcClient::CreateBinding** function in the
**AgRpcCln.dll** library allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the SpntSvc.exe daemon.
Apply ServerProtect 5.58 Security Patch 3 (build 1176) or higher.
Exploit works on Trend Micro ServerProtect 5.58 Build 1060.