Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability

These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the followi...

Integer overflow

Integer overflow in the RPCFNSYNCTASK function in StRpcSrv.dll, as used by the ServerProtect service SpntSvc.exe, in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 516...

CVE-2007-4219

Integer overflow in the RPCFNSYNCTASK function in StRpcSrv.dll, as used by the ServerProtect service SpntSvc.exe, in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 516...

CVE-2007-4219

Trend Micro ServerProtect for Windows contains an integer overflow in RPCFN_SYNC_TASK (StRpcSrv.dll) used by the SpntSvc.exe service, exploitable by remote attackers via malformed requests to 5168/tcp. The flaw can trigger a heap-based buffer overflow and arbitrary code execution. Affected versio...