iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the relay.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.
0df4d6d0dffdc1cfc7d0952eba709daad134991e21afdae77b6d36b19010895aiDEFENSE Security Advisory 12.14.05 - Remote exploitation of a heap overflow in Trend Micro Inc.'s ServerProtect Management Console allows remote attackers to execute arbitrary code with the privileges of the underlying web server. The problem specifically exists within the isaNVWRequest.dll ISAPI application upon processing of large POST requests with wrapped length values. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.
2b7f7561dc295bc1cfe3e20219662ae750c9bb92cf1486276a5ed8b07010d923
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed