CVE-2007-1070

Опубликовано: 21 фев. 2007

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Ссылки

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
Patch
Vendor Advisory
http://osvdb.org/33042
http://secunia.com/advisories/24243
http://www.kb.cert.org/vuls/id/349393
US Government Resource
http://www.kb.cert.org/vuls/id/466609
US Government Resource
http://www.kb.cert.org/vuls/id/630025
US Government Resource
http://www.kb.cert.org/vuls/id/730433
US Government Resource
http://www.securityfocus.com/archive/1/460686/100/0/threaded
http://www.securityfocus.com/archive/1/460690/100/0/threaded
http://www.securityfocus.com/bid/22639
http://www.securitytracker.com/id?1017676
http://www.tippingpoint.com/security/advisories/TSRT-07-01.html
Vendor Advisory
http://www.tippingpoint.com/security/advisories/TSRT-07-02.html
Vendor Advisory
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0670
https://exchange.xforce.ibmcloud.com/vulnerabilities/32594
https://exchange.xforce.ibmcloud.com/vulnerabilities/32601
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
Patch
Vendor Advisory
http://osvdb.org/33042
http://secunia.com/advisories/24243

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*

cpe:2.3:a:trend_micro:serverprotect:5.61:*:network_appliance_filer:*:*:*:*:*

cpe:2.3:a:trend_micro:serverprotect:5.62:*:network_appliance_filer:*:*:*:*:*

EPSS

Процентиль: 99%

0.7511

Высокий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5wqp-h7vg-p7gg

github

почти 4 года назад