Intrusion Prevention

TrendMicro.ServerProtect.SPNT.Engine.RPC.Buffer.Overflow

Description

This indicates a possible attempt to exploit one of two vulnerabilities in Trend Micro ServerProtect for Windows.
These vulnerabilities are a result of bounds checking errors in "RPCFN_ENG_AddTaskExportLogItem" and "RPCFN_ENG_TakeActionOnAFile", in eng50.dll. Successful exploitation may allow remote attackers to execute arbitrary code by sending excessively long strings in an RPC request.

Affected Products

Trend Micro ServerProtect 5.58 Build 1176 for Windows and prior versions.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's web site:
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe

CVE References

CVE-2007-4218