Trend Micro ServerProtect SpntSvc.exe CreateBinding buffer overflow

2007-07-09T00:00:00
ID SAINT:F13E7DDCCF11D0A7AB85A0685FBC99F1
Type saint
Reporter SAINT Corporation
Modified 2007-07-09T00:00:00

Description

Added: 07/09/2007
CVE: CVE-2007-2508
BID: 23868
OSVDB: 35790

Background

Trend Micro ServerProtect is a virus scanner for servers. It includes the SpntSvc.exe daemon which listens for connections on port 5168/TCP.

Problem

A buffer overflow vulnerability in the **CAgRpcClient::CreateBinding** function in the **AgRpcCln.dll** library allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the SpntSvc.exe daemon.

Resolution

Apply ServerProtect 5.58 Security Patch 3 (build 1176) or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-025.html>

Limitations

Exploit works on Trend Micro ServerProtect 5.58 Build 1060.

Platforms

Windows