TrendMicro InterScan WebManager Version 1.2 RegGo.dll Buffer Overflow Vulnerability

2001-06-22T00:00:00
ID SECURITYVULNS:DOC:1746
Type securityvulns
Reporter Securityvulns
Modified 2001-06-22T00:00:00

Description


SNS Advisory No.33 TrendMicro InterScan WebManager Version 1.2 RegGo.dll Buffer Overflow Vulnerability

Problem first discovered: Wed, 06 Jun 2001
Published: Thu, 21 Jun 2001


Overview

Trend Micro InterScan WebManager is software that provides malicious mobile code protection, URL filtering and traffic management. A buffer overflow vulnerability exists in RegGo.dll, which is used by the web management console feature of InterScan WebManager version 1.2. This problem can allow remote users to execute arbitrary commands with SYSTEM privilege.

Problem Description

InterScan WebManager has a feature that provides a web management console. RegGo.dll, which is used for this feature, has a buffer overflow vulnerability that is triggered when a long parameter is given.

A buffer overflow occurs with the following dump:

00F0FC6C 42 42 42 42 BBBB
00F0FC70 43 43 43 43 CCCC
00F0FC74 44 44 44 44 DDDD
00F0FC78 45 45 45 45 EEEE

EAX = 00F0FC6C
EIP = 41414141

Therefore, arbitrary code located at address 00F0FC6C may be executed by calling eax.

Tested Version

TrendMicro InterScan WebManager Version 1.2

Tested on

Microsoft Windows NT Server 4.0 + SP6a [English]

Status of fixes

No patches are available at this moment. The Trend Micro support team responded that this problem would be fixed in the next version of WebManager, but they did not provide any further details. Until the patch is released, restrict access to the servers on which WebManager is installed.
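
While access is being restricted, web access logs can be checked for requests that reach RegGo.dll with an unusually long parameter. The following is an added example, not part of the SNS advisory or of Trend Micro's software; the Common Log Format input, the /example/ path, the parameter name p, the sample lines and the 256-character threshold are all assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the console's web server writes Common Log Format lines.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')
MAX_PARAM_LEN = 256  # Assumption: no legitimate console parameter is this long.

# Constructed sample lines; path and parameter name are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jun/2001:10:00:01 +0900] '
    '"GET /example/RegGo.dll?p=status HTTP/1.0" 200 512',
    '192.0.2.77 - - [22/Jun/2001:10:03:40 +0900] '
    '"GET /example/RegGo.dll?p=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [22/Jun/2001:10:05:12 +0900] '
    '"GET /index.html?q=' + "B" * 600 + ' HTTP/1.0" 200 128',
]


def longest_param(target):
    """Length of the longest decoded query name or value in a request target."""
    query = urlsplit(target).query
    pairs = parse_qsl(query, keep_blank_values=True)
    lengths = [len(part) for pair in pairs for part in pair]
    # A query with no parsable pairs is measured as one raw string.
    return max(lengths, default=len(query))


def suspicious_requests(lines, limit=MAX_PARAM_LEN):
    """Return (source, timestamp, length) for over-long requests to RegGo.dll."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        target = m.group("target")
        # Decode the path so an encoded file name (e.g. %2E) still matches.
        if "reggo.dll" not in unquote(urlsplit(target).path).lower():
            continue
        length = longest_param(target)
        if length > limit:
            hits.append((m.group("src"), m.group("ts"), length))
    return hits


if __name__ == "__main__":
    for src, ts, length in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {src}: RegGo.dll parameter of {length} characters")
```

Access logs normally record only the request line, so parameters sent in a POST body are not covered by this check.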

Discovered by

ARAI Yuu (LAC) y.arai@lac.co.jp

Disclaimer

All information in these advisories is subject to change without any advance notice or mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying this information.

References

Archive of this advisory: http://www.lac.co.jp/security/english/snsadv_e/33_e.html

SNS Advisory: http://www.lac.co.jp/security/english/snsadv_e/

LAC: http://www.lac.co.jp/security/english/


Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/