CVE - CVE-2007-2508

CVE-ID
CVE-2007-2508	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:23866 URL:http://www.securityfocus.com/bid/23866 BID:23868 URL:http://www.securityfocus.com/bid/23868 BUGTRAQ:20070507 ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/467932/100/0/threaded BUGTRAQ:20070507 ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/467933/100/0/threaded CERT-VN:VU#488424 URL:http://www.kb.cert.org/vuls/id/488424 CERT-VN:VU#515616 URL:http://www.kb.cert.org/vuls/id/515616 CONFIRM:http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-024.html MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-025.html OSVDB:35789 URL:~~http://osvdb.org/35789~~ (Obsolete source) OSVDB:35790 URL:~~http://osvdb.org/35790~~ (Obsolete source) SECTRACK:1018010 URL:http://securitytracker.com/id?1018010 SECUNIA:25186 URL:http://secunia.com/advisories/25186 VUPEN:ADV-2007-1689 URL:~~http://www.vupen.com/english/advisories/2007/1689~~ (Obsolete source) XF:serverprotect-agrpccln-bo(34162) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34162 XF:serverprotect-earthagent-bo(34163) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34163
Assigning CNA
MITRE Corporation
Date Record Created
20070507	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070507)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)