CVE-2007-1070 Information

Description

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58 and for Network Appliance Filer 5.61 and 5.62 allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection (2) CMON_ActiveUpdate and (3) CMON_ActiveRollback functions in (a) StCommon.dll and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Reference

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290 http://osvdb.org/33042 http://secunia.com/advisories/24243 http://www.kb.cert.org/vuls/id/349393 http://www.kb.cert.org/vuls/id/466609 http://www.kb.cert.org/vuls/id/630025 http://www.kb.cert.org/vuls/id/730433 http://www.securityfocus.com/archive/1/460686/100/0/threaded http://www.securityfocus.com/archive/1/460690/100/0/threaded http://www.securityfocus.com/bid/22639 http://www.securitytracker.com/id?1017676 http://www.tippingpoint.com/security/advisories/TSRT-07-01.html http://www.tippingpoint.com/security/advisories/TSRT-07-02.html http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt http://www.vupen.com/english/advisories/2007/0670 https://exchange.xforce.ibmcloud.com/vulnerabilities/32594 https://exchange.xforce.ibmcloud.com/vulnerabilities/32601