QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-4218

Back to search

CVE-2007-4218

Published: Aug 22, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.

VendorProductVersions

n/a

n/a

affected
n/a

References

VU#109056
third-party-advisory
x_refsource_CERT-VN
25395
vdb-entry
x_refsource_BID
VU#204448
third-party-advisory
x_refsource_CERT-VN
serverprotect-eng50dll-bo(36175)
vdb-entry
x_refsource_XF
TA07-235A
third-party-advisory
x_refsource_CERT
ADV-2007-2934
vdb-entry
x_refsource_VUPEN
1018594
vdb-entry
x_refsource_SECTRACK
3052
third-party-advisory
x_refsource_SREASON
serverprotect-strpcsrv-bo(36172)
vdb-entry
x_refsource_XF
26523
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now