Trend Micro ServerProtect EarthAgent RPC buffer overflow

Added: 05/16/2007
CVE: CVE-2007-2508
BID: 23866
OSVDB: 35789

Background

Trend Micro ServerProtect is a virus scanner for servers. It includes the EarthAgent daemon which listens for connections on port 3628/TCP.

Problem

A buffer overflow vulnerability in the EarthAgent daemon allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request to port 3628/TCP.

Resolution

Apply one of the patches referenced in Trend Micro solution ID 1034290.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-024.html

Limitations

Exploit works on Trend Micro ServerProtect 5.58 Build 1060.

Platforms

Windows

Back to exploit index