Trend Micro Control Manager AddTask buffer overflow

Added: 01/16/2012
CVE: CVE-2011-5001
BID: 50965
OSVDB: 77585

Background

Trend Micro Control Manager streamlines administration of Trend Micro security solutions.

Problem

A buffer overflow vulnerability in the AddTask function allows remote attackers to execute arbitrary code by sending a specially crafted IPC packet to the CmdProcessor.exe service.

Resolution

Upgrade to Trend Micro Control Manager 5.5 build 1613 or higher.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-345/
http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt

Limitations

Exploit works on Trend Micro Control Manager 5.5 B1250.

Platforms

Windows

Back to exploit index