CVE-2007-6507 — Micro Serverprotect vulnerability

CWE-2643 documents3 sources

Severity

10.0CRITICALNVD

EPSS

71.4%

top 1.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Serverprotect

Timeline

PublishedDec 20

Latest updateMay 1

Description

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDtrend_micro/serverprotect5.58_security_patch_3

🔴Vulnerability Details

GHSA

GHSA-f227-6m9w-cq8h: SpntSvc↗2022-05-01

▶

CVEList

CVE-2007-6507: SpntSvc↗2007-12-20

▶