{"vuid":"VU#730433","idnumber":"730433","name":"Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow","keywords":["Trend Micro ServerProtect","buffer overflow","CMON_NetTestConnection() function","StCommon.dll","RPC request","SpntSvc.exe service","default port 5168/TCP"],"overview":"Trend Micro ServerProtect contains a stack-based buffer overflow.","clean_desc":"Trend Micro ServerProtect fails to properly handle data passed to the CMON_NetTestConnection()routine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially crafted RPC packet to an affected Trend Micro ServerProtect installation. For more information refer to Trend Micro Solution ID: 1034290.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Apply a patch\nTrend Micro has addressed this vulnerability with Security Patch 1- Build 1171.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Pedram Amini of Tipping Point \nSecurity Research Team.","author":"This document was written by Jeff Gennari.","public":["http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290","http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt","http://www.tippingpoint.com/security/advisories/TSRT-07-01.html","http://www.tippingpoint.com/security/advisories/TSRT-07-02.html"],"cveids":["CVE-2007-1070"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-02-21T11:59:31Z","publicdate":"2007-02-20T00:00:00Z","datefirstpublished":"2007-02-21T18:31:52Z","dateupdated":"2007-02-21T19:05:54Z","revision":9,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"17","cam_attackeraccessrequired":"20","cam_scorecurrent":"28.6875","cam_scorecurrentwidelyknown":"51.6375","cam_scorecurrentwidelyknownexploited":"89.8875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":28.6875,"vulnote":null}