Vulnerability Description
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | R2 |
| Microsoft | Windows NT | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows XP | All versions |
| Trend Micro | ServerProtect | 5.58 |
References
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290 (Patch, Vendor Advisory)
- http://osvdb.org/33042
- http://secunia.com/advisories/24243
- http://www.kb.cert.org/vuls/id/349393 (US Government Resource)
- http://www.kb.cert.org/vuls/id/466609 (US Government Resource)
- http://www.kb.cert.org/vuls/id/630025 (US Government Resource)
- http://www.kb.cert.org/vuls/id/730433 (US Government Resource)
- http://www.securityfocus.com/archive/1/460686/100/0/threaded
- http://www.securityfocus.com/archive/1/460690/100/0/threaded
- http://www.securityfocus.com/bid/22639
- http://www.securitytracker.com/id?1017676
- http://www.tippingpoint.com/security/advisories/TSRT-07-01.html (Vendor Advisory)
- http://www.tippingpoint.com/security/advisories/TSRT-07-02.html (Vendor Advisory)
- http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch (Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/0670
FAQ
What is CVE-2007-1070?
CVE-2007-1070 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted...
How severe is CVE-2007-1070?
CVE-2007-1070 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1070?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows NT, Microsoft Windows Vista, Microsoft Windows XP.