CVE-2005-1929 Information

Description

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html
http://secunia.com/advisories/18038
http://securityreason.com/securityalert/256
http://securityreason.com/securityalert/257
http://securitytracker.com/id?1015358
http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities
http://www.osvdb.org/21771
http://www.osvdb.org/21772
http://www.securityfocus.com/bid/15865
http://www.securityfocus.com/bid/15866
http://www.vupen.com/english/advisories/2005/2907
