VID 23153
Severity 40
Port 80, ...
Protocol TCP
Class Daemon
Detailed Description Trend Micro ControlManager, according to its version number, has multiple buffer overflow vulnerabilities. Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, is vulnerable to multiple heap-based buffer overflows in the isaNVWRequest.dll and relay.dll ISAPI applications, which are part of the Web management interface. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the affected host with the privileges of the Web server process.

* Note: This check relies solely on the version number of Trend Micro ControlManager installed on the remote Web server to assess this vulnerability.

* References:
http://www.idefense.com/application/poi/display?id=354&type=vulnerabilities
http://www.frsirt.com/english/advisories/2005/2907
http://securitytracker.com/id?1015358
http://secunia.com/advisories/18038

* Platforms Affected:
Trend Micro, ServerProtect for NT 5.58
Microsoft Windows Any version
Novell NetWare 5.1, 6, 6.5
Recommendation Apply the Service Pack 5 Build (4213) for ControlManager 3.0, available from the Trend Micro Product Updates Web site at http://www.trendmicro.com/download/product.asp?productid=7
Related URL CVE-2005-1929 (CVE)
Related URL 15865,15866,15867 (SecurityFocus)
Related URL 23600,23602 (ISS)