Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1929
Last Modified 07 Mar 2011 12:00:00
Published 14 Dec 2005 04:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1929

Summary

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

Vulnerable Systems

Application

  • Trend Micro ServerProtect 5.58


References

VUPEN - ADV-2005-2907

BID - 15866

BID - 15865

OSVDB - 21772

OSVDB - 21771

IDEFENSE - 20051214 Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow

SECTRACK - 1015358

SREASON - 257

SREASON - 256

SECUNIA - 18038

FULLDISC - 20051214 Re: iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability


Last Updated: 27 May 2016 10:40:20