Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1070Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Serverprotect

7 documents5 sources
Severity
10.0CRITICALNVD
EPSS
75.1%
top 1.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Trend Micro Serverprotect
Timeline
PublishedFeb 21
Latest updateMay 1

Description

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDtrend_micro/serverprotect5.58, 5.61, 5.62+2

Patches

Patch: esupport.trendmicro.comPatch: esupport.trendmicro.com

🔴Vulnerability Details

3
GHSA
GHSA-5wqp-h7vg-p7gg: Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 52022-05-01
CVEList
CVE-2007-1070: Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 52007-02-21
VulnCheck
Microsoft Windows Out-of-bounds Write2007

💥Exploits & PoCs

3
Exploit-DB
Trend Micro ServerProtect 5.58 - Remote Buffer Overflow (Metasploit)2010-04-30
Exploit-DB
Trend Micro ServerProtect - 'eng50.dll' Remote Stack Overflow2007-09-06
Exploit-DB
Eudora 7.1.0.9 - IMAP FLAGS Remote Overwrite (SEH)2007-05-30
CVE-2007-1070 — Trend Micro Serverprotect vulnerability | cvebase