Zero Day Initiative

TippingPoint Zero Day Initiative

ZDI STATISTICS...

# Created Cases:	1,318
# Researchers:	810
Avg. Verification Time:	15 days

Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability

ZDI-07-050: September 7th, 2007

CVE ID

Affected Vendors

Affected Products

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability.

The specific flaw is exposed through the RPC interface bound on TCP port 5168 and defined in SpntSvc.exe with the following UUID:

25288888-bd5b-11d1-9d53-0080c83a5c2c

The vulnerable function, RPCFN_SetComputerName(), is reached when the custom protocols "subcode" is set to "\x30\x00\x0a\x00". Improper use of the MultiByteToWideChar() API results in an exploitable stack based buffer overflow.

Vendor Response

Trend Micro has issued an update to correct this vulnerability. More details can be found at:

ServerProtect5.58 Security Patch 4 - Build 1185

Disclosure Timeline

Credit

This vulnerability was discovered by:

Published Advisories

ZDI-08-044: Mozilla Firefox

published 2008-07-17

ZDI-08-043: Sun Microsystems

published 2008-07-17

ZDI-08-042: Sun Microsystems

published 2008-07-17

ZDI-08-041: Novell

published 2008-07-10

ZDI-08-040: Microsoft

published 2008-06-10

Upcoming Advisories

reported 2008-07-08, 13 days ago

reported 2008-07-07, 14 days ago

reported 2008-07-07, 14 days ago

reported 2008-07-03, 18 days ago

reported 2008-06-26, 25 days ago

Recent Press

iPhone and iPod Touch updated with security patches

published 2008-07-11, CNET

Apple TV gets a security update

published 2008-07-10, CNET

First reports of a Firefox 3 vulnerability

published 2008-06-19, BetaNews

Researchers disclose Firefox 3 flaws

published 2008-06-19, SecurityFocus

Millions of downloads -- and the first critical ...

published 2008-06-19, SCMagazine