CVE-2007-2533 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Serverprotect

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

19.7%

top 4.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Serverprotect

Timeline

PublishedMay 9

Latest updateMay 1

Description

Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDtrend_micro/serverprotect5.58

Patches

Patch: www.trendmicro.com ↗Patch: www.trendmicro.com ↗Patch: www.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-4m64-fp2m-vhfj: Multiple buffer overflows in Trend Micro ServerProtect 5↗2022-05-01

▶

CVEList

CVE-2007-2533: Multiple buffer overflows in Trend Micro ServerProtect 5↗2007-05-09

▶