Signature Detail
Short Name |
APP:TMIC:TMREGCHANGE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
trend micro trendmicro serverprotect tmregchange |
Release Date |
2010/10/14 |
Update Number |
1792 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
APP: Trend Micro ServerProtect TMregChange Stack Overflow
This signature detects attempts to exploit a known stack-based buffer overflow vulnerability in Trend Micro ServerProtect. It is due to improper bounds checking of specially crafted messages sent to TMregChange functionality of the service. A remote unauthenticated attacker, with network access to the service, can exploit this by sending a specially crafted message to the target service and can inject and execute arbitrary code on the target system with System level privileges. In a simple attack, the affected service process terminates abnormally when the malicious message is processed. The service is automatically restarted by a watch-dog process. In a successful sophisticated attack, where the code is injected and executed, the behavior of the system is dependent on the nature of the injected code. Any code executes in the security context of the service process, which is System on Windows platforms.
Extended Description
Trend Micro ServerProtect is prone to a buffer-overflow vulnerability that is exploitable over RPC. Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges and to completely compromise affected computers. Failed exploit attempts will result in a denial of service. This issue was reported to affect to ServerProtect prior to 5.58 Security Patch 4 - Build 1185.
Affected Products
- Trend Micro ServerProtect for Windows 5.58
References
- BugTraq: 25595
- CVE: CVE-2007-4731