Lucene search

SAINT CorporationSAINT:03DD4AD3CB032EA374C89129C9DC3D34

HistoryJan 24, 2006 - 12:00 a.m.

Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow

2006-01-2400:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.705

Percentile

98.0%

JSON

Added: 01/24/2006
CVE: CVE-2005-1929
BID: 15865
OSVDB: 21771

Background

ServerProtect is a virus scanner for servers.

Problem

A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll.

Resolution

Use the workaround described in the iDEFENSE advisory.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=353>

Limitations

Works on Trend Micro Control Manager 3.0. Since this is a heap overflow, the success of the exploit depends on the system state.

Platforms

Windows 2000

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.705

Percentile

98.0%

JSON

Related for SAINT:03DD4AD3CB032EA374C89129C9DC3D34