Trend Micro ServerProtect TMregChange buffer overflow

Added: 09/27/2007 CVE: CVE-2007-4731 OSVDB: 45878 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the TMregChange function in the TMreg.dll library allows remote attackers to execute arbitrary commands by sending specially crafted da...

CVE-2007-4731

Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005...

Trend Micro ServerProtect TMregChange()函数栈缓冲区溢出漏洞

CVECAN ID: CVE-2007-4731 Trend ServerProtect是一款企业级反病毒程序。 ServerProtect在处理超长畸形数据时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制服务器。 ServerProtect的TMReg.dll库所导出的TMregChange例程中存在栈溢出漏洞，绑定到5005端口的TCP套接字未经边界检查便将用户提供的数据拷贝到了栈缓冲区，如果用户提交了超长请求就可以触发这个溢出，导致执行任意指令。 Trend Micro ServerProtect 5.58 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange exported by TMReg.dll which is reachable through th...