
RPC TrendMicro ServerProtect Multiple BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Trend Micro ServerProtect, which may result in remote code execution.

Additional Information

Trend Micro ServerProtect is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. There are nine buffer-overflow vulnerabilities that affect the 'SpntSvc.exe' and agent services that listen on TCP ports 5168 and 3628. These vulnerabilities may be exploited over RPC interfaces that are exposed by the vulnerable application. Exploiting these issues allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service. These issues were reported to affect ServerProtect 5.58 Build 1176 (Security Patch 3). Earlier versions may also be affected.

Affected

  • Trend Micro ServerProtect 5.5.8

Response

Download and install all vendor patches related to this vulnerability.