Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5001

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-5001
Last Modified 28 Dec 2011 12:00:00
Published 24 Dec 2011 08:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5001

Summary

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.

Vulnerable Systems

Application

  • Trend Micro Control Manager 5.5


References

XF - cm-cgenericscheduleraddtask-bo(71681)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-345/

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt

SECTRACK - 1026390

BUGTRAQ - 20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability

SECUNIA - 47114


Last Updated: 27 May 2016 10:57:58