iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the relay.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.
0df4d6d0dffdc1cfc7d0952eba709daad134991e21afdae77b6d36b19010895a
iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the isaNVWRequest.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.
2b7f7561dc295bc1cfe3e20219662ae750c9bb92cf1486276a5ed8b07010d923