Signature Detail

APP: Trend Micro Control Manager Chunked Overflow

This signature detects attempts to exploit a known vulnerability in the Trend Micro Control Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

A remotely exploitable heap-based buffer overflow vulnerability is present in the Trend Micro ServerProtect 'isaNVWRequest.dll' ISAPI component of the Management Console. An attacker could exploit this issue to execute arbitrary code in the context of the underlying Web server. This issue is reported to affected ServerProtect 5.58 for Windows running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. Other versions and platforms may be affected as well. It is also possible that other Trend Micro products such as InterScan eManager, InterScan Web Protect, OfficeScan, and Control Manager could be impacted as well. It is noted that the vulnerability may actually be present in the MFC (Microsoft Foundation Class) ISAPI libraries. This issue may be related to BID 9963 "Microsoft Visual C++ MFC ISAPI Extension Denial Of Service Vulnerability".

Affected Products

• Trend Micro ServerProtect 5.3.1
• Trend Micro ServerProtect 5.5.8
• Trend Micro ServerProtect for Windows 5.58
• Trend Micro ServerProtect for Windows

References

• BugTraq: 15865
• CVE: CVE-2005-1929