Technical Description

Multiple vulnerabilities have been identified in Trend Micro ServerProtect for Windows, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by integer and buffer overflow errors in the "RPCFN_CMON_SetSvcImpersonateUser" [stcommon.dll], "RPCFN_OldCMON_SetSvcImpersonateUser" [stcommon.dll], "RPCFN_ENG_NewManualScan" [StRpcSrv.dll], "RPCFN_ENG_AddTaskExportLogItem" [eng50.dll], "RPCFN_EVENTBACK_DoHotFix" [earthagent.exe], "CMD_CHANGE_AGENT_REGISTER_INFO" [earthagent.exe], "RPCFN_ENG_TakeActionOnAFile" [eng50.dll], "RPCFN_SYNC_TASK" [StRpcSrv.dll], "RPCFN_SetComputerName" [StRpcSrv.dll], "RPCFN_ENG_TimedNewManualScan" [StRpcSrv.dll] and "NTF_SetPagerNotifyConfig" [Notification.dll] functions when processing malformed RPC requests, which could be exploited by remote attackers to crash an affected service or execute arbitrary code with elevated privileges.

Affected Products

Trend Micro ServerProtect 5.58 Build 1176 for Windows and prior

Solution

Apply Security Patch 4 - Build 1185 :
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe

References

http://www.vupen.com/english/advisories/2007/2934
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=587
http://www.zerodayinitiative.com/advisories/ZDI-07-077.html

Credits

Vulnerabilities reported by iDefense Labs, Code Audit Labs and ZDI.

ChangeLog

2007-08-22 : Initial release
2007-12-18 : Updated References

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.