Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-4219
Last Modified: 11 Oct 2011 12:00:00
Published: 22 Aug 2007 07:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4219

Summary

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Trend Micro ServerProtect 5.58


References

CERT - TA07-235A

CERT-VN - VU#959400

SECUNIA - 26523

XF - serverprotect-rpcfnsynctask-bo(36168)

VUPEN - ADV-2007-2934

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

BID - 25396

SECTRACK - 1018594

SREASON - 3052

IDEFENSE - 20070821 Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability


Last Updated: 27 May 2016 10:45:48