{"vuid":"VU#959400","idnumber":"959400","name":"Trend Micro ServerProtect Integer Overflow Vulnerability","keywords":["Trend Micro","ServerProtect","stack overflow","StRpcSrv.dll","RPCFN_SYNC_TASK","RPC","spnt_558_win_en_securitypatch4"],"overview":"Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code.","clean_desc":"Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with centralized management of multiple servers. The ServerProtect architecture includes a management console, information server, and the server which has ServerProtect installed. The ServerProtect executable that runs on the server being protected by the anti-virus engine is called SpntSvc.exe. This executable uses the StRpcSrv.dll library to handle RPC requests on 5168/tcp. The ServerProtect component contains an integer overflow vulnerability within the RPC function RPCFN_SYNC_TASK. A remote, unauthenticated attacker may be able to trigger the overflow by sending malformed RPC request to a vulnerable system.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Update\nTrend Micro has addressed this vulnerability in Security Patch 4 - Build 1185.","workarounds":"Restrict Access Restricting network access to 5168/tcp to trusted hosts may mitigate this vulnerability.","sysaffected":"","thanks":"This vulnerability was discovered by Jun Mao (iDefense Labs).","author":"This document was written by Joseph Pruszynski.","public":["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588","http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt","http://secunia.com/advisories/26523/"],"cveids":["CVE-2007-4219"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-08-22T14:16:00Z","publicdate":"2007-08-21T00:00:00Z","datefirstpublished":"2007-08-23T17:14:50Z","dateupdated":"2007-08-23T17:28:39Z","revision":26,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"10","cam_exploitation":"15","cam_internetinfrastructure":"4","cam_population":"4","cam_impact":"8","cam_easeofexploitation":"16","cam_attackeraccessrequired":"20","cam_scorecurrent":"5.568","cam_scorecurrentwidelyknown":"7.488","cam_scorecurrentwidelyknownexploited":"8.448","ipprotocol":"TCP","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.568,"vulnote":null}