Intrusion Prevention

Trend.ServerProtect.StRpcSrv.dll.Buffer.Overflow

Description

This indicates an attempt to exploit one of three vulnerabilities in Trend Micro ServerProtect for Windows.
These vulnerabilities are caused by boundary check errors in "RPCFN_CMON_SetSvcImpersonateUser", "RPCFN_ENG_NewManualScan" and "RPCFN_SetComputerName" in StRpcSrv.dll. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Trend Micro ServerProtect 5.58 Build 1176 for Windows and prior versions.

Impact

System compromise: Remote code execution.

Recommended Actions

Apply the patch, available from the vendor's web site:
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe

CVE References

CVE-2007-4219 CVE-2007-4218