Vulnerabilities > CVE-2007-2528 - Unspecified vulnerability in Trend Micro Serverprotect 5.58

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
trend-micro
nessus

Summary

Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.

Vulnerable Configurations

Part Description Count
Application
Trend_Micro
1

Nessus

NASL familyWindows
NASL idTRENDMICRO_SERVERPROTECT_AGRPCCLN_OVERFLOW.NASL
descriptionThe remote version of Trend Micro ServerProtect is vulnerable to a stack overflow involving the
last seen2020-06-01
modified2020-06-02
plugin id25171
published2007-05-09
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25171
titleTrend Micro ServerProtect AgRpcCln.dll Buffer Overflow
code
#
#  (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(25171);
  script_version("1.19");

  script_cve_id("CVE-2007-2528");
  script_bugtraq_id(23868);

  script_name(english:"Trend Micro ServerProtect AgRpcCln.dll Buffer Overflow");
  script_summary(english:"Checks version of ServerProtect"); 
 
 script_set_attribute(attribute:"synopsis", value:
"The remote service is vulnerable to a remote buffer overflow attack." );
 script_set_attribute(attribute:"description", value:
"The remote version of Trend Micro ServerProtect is vulnerable to a
stack overflow involving the 'wcscpy' function of the routine
'CAgRpcClient::CreateBinding' in AgRpcCln.dll library.  An
unauthenticated, remote attacker may be able to leverage this issue
with specially crafted RPC requests to its SpntSvc.exe daemon to
execute arbitrary code on the remote host. 

Note that by default, Trend Micro services run with LocalSystem
privileges." );
 script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-07-025/" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/May/89" );
  # http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch3_readme.txt
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b7dccdd" );
 script_set_attribute(attribute:"solution", value:
"Apply Security Patch 3 - Build 1176 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"metasploit_name", value:'Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/05/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/05/08");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/04/13");
 script_cvs_date("Date: 2018/11/15 20:50:29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:trend_micro:serverprotect");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_dependencies("trendmicro_serverprotect_detect.nasl");
  script_require_keys("Antivirus/TrendMicro/ServerProtect");
  script_require_ports(5168);

  exit(0);
}


port = 5168;


# Check the version number.
ver = get_kb_item ("Antivirus/TrendMicro/ServerProtect");
if (ver)
{
 iver = split (ver, sep:".", keep:FALSE);
 for (i=0; i<max_index(iver); i++)
   iver[i] = int(iver[i]);

 # Versions before 5.5 build 1176 are affected.
 if (
      iver[0] < 5 ||
      (
        iver[0] == 5 &&
        (
          iver[1] < 58 ||
          (iver[1] == 58 && iver[2] == 0 && iver[3] < 1176)
        )
      )
    ) security_hole(port);
}