CVE-2007-4219Improper Restriction of Operations within the Bounds of a Memory Buffer in Micro Serverprotect

CWE-1893 documents3 sources
Severity
10.0CRITICALNVD
EPSS
40.5%
top 2.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Trend Micro Serverprotect
Timeline
PublishedAug 22
Latest updateMay 1

Description

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-w9vx-wg94-r6pj: Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv2022-05-01
CVEList
CVE-2007-4219: Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv2007-08-22
CVE-2007-4219 — Trend Micro Serverprotect vulnerability | cvebase