Published: 2007-08-26T04:09+00:00    Last Updated: 2007-08-26T04:09+00:00

TRTA07-235A
Trend Micro ServerProtect Contains Multiple Vulnerabilities

Overview

A number of vulnerabilities exist in the Trend Micro ServerProtect antivirus product. These vulnerabilities could allow a remote attacker to completely compromise an affected system.

Event Information

Date (UTC)    Description
2007-08-23 19:54 US-CERT
TA07-235A: Trend Micro ServerProtect Contains Multiple Vulnerabilities
Via US-CERT Mailing List
2007-08-23 18:54 SANS Internet Storm Center
Trend Micro ServerProtect Update
Indications are that the ServerProtect exploit is against an older vulnerability from earlier this year, February 2007. This vulnerability was patched previously. The vulnerability appears to be "vulnerability one" in this advisory: TPTI-07-02. But this does indeed appear to be a new exploit, thus machines are being actively compromised if they haven't been patched.
2007-08-23 08:58 JPCERT/CC
JPCERT-AT-2007-0019: Increased activity targeting TCP port 5168
2007-08-23 08:00 SANS Internet Storm Center
Trend Micro management exploit payload perhaps?
Let's see what our shellcode analysts can determine before we post complete packet payload.
2007-08-22 22:43 Trend Micro
Solution ID: 1035930: Potential Trend Micro ServerProtect Security Risk
Product: ServerProtect for Microsoft Windows - 5.58
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
2007-08-22 16:58 US-CERT
Multiple Vulnerabilities in Trend Micro Products
Trend Micro has released updates to address several vulnerabilities in their ServerProtect, AntiSpyware, and PC-cillin Internet Security products. By sending a crafted RPC request or creating a file on the local file system with an overly long path, an attacker may be able to cause a denial-of-service condition or execute arbitrary code on an affected system.
2007-08-22 SANS Internet Storm Center
Trend Micro scanning on TCP 5168
We are seeing some heavy scanning activity on TCP 5168. Probably for Trend Micro ServerProtect. There were vulnerabilities announced for this product yesterday.
2007-08-21 22:43 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
2007-08-21 22:21 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
2007-08-21 19:16 Full-disclosure
[Full-disclosure] iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
2007-08-20 Trend Micro
Solution ID: 1035845: [Hot Fix]B1028 - The SSAPI module crashes once a folder or file exceeds the max_path character limit
Product: PC-cillin Internet Security - 2007, Trend Micro Anti-Spyware for Consumer - 3.5
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
2007-07-26 09:00 Trend Micro
ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003 - Security Patch 4 - Build 1185
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
2007-07-12 iDefense
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Vulnerability (CVE-2007-3873)
Vulnerability Reported
2007-06-14 iDefense
Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
Trend Micro ServerProtect Integer Overflow Vulnerability (CVE-2007-4219)
Vulnerability Reported
2007-06-14 iDefense
Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
Trend Micro ServerProtect RPC buffer overflow Vulnerability (CVE-2007-4218)
Vulnerability Reported