Post by Arne on Nov 24, 2008 8:32:52 GMT 1
CRITICAL:
Trend Micro ServerProtect Multiple Vulnerabilities
Affected:
Trend Micro ServerProtect versions 5.58 and prior
Description:
Trend Micro ServerProtect is a popular enterprise antivirus
solution. It contains multiple vulnerabilities in its handling of a
variety of inputs. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process (SYSTEM). Some technical details are publicly
available for these vulnerabilities. It is confirmed that at least one
vulnerability can be exploited without authentication. The exact
vectors of exploitation have not been disclosed, but it is possible that
an attacker could exploit at least one of these vulnerabilities by
sending an email to a server running the vulnerable software.
Status:
Vendor has not confirmed, no updates available.
References:
IBM ISS X-Force Security Advisories
www.iss.net/threats/308.html
www.iss.net/threats/309.html
www.iss.net/threats/310.html
www.iss.net/threats/307.html
ISS Frequency X Blog Post
blogs.iss.net/archive/trend.html
Vendor Home Page
us.trendmicro.com/us/home/index.html?utm_source=www.trendmicro.com&utm_medium=referral&utm_campaign=www.trendmicro.com
SecurityFocus BID
www.securityfocus.com/bid/32261
Source: www.qualys.com/index.php
Trend Micro ServerProtect Multiple Vulnerabilities
Affected:
Trend Micro ServerProtect versions 5.58 and prior
Description:
Trend Micro ServerProtect is a popular enterprise antivirus
solution. It contains multiple vulnerabilities in its handling of a
variety of inputs. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process (SYSTEM). Some technical details are publicly
available for these vulnerabilities. It is confirmed that at least one
vulnerability can be exploited without authentication. The exact
vectors of exploitation have not been disclosed, but it is possible that
an attacker could exploit at least one of these vulnerabilities by
sending an email to a server running the vulnerable software.
Status:
Vendor has not confirmed, no updates available.
References:
IBM ISS X-Force Security Advisories
www.iss.net/threats/308.html
www.iss.net/threats/309.html
www.iss.net/threats/310.html
www.iss.net/threats/307.html
ISS Frequency X Blog Post
blogs.iss.net/archive/trend.html
Vendor Home Page
us.trendmicro.com/us/home/index.html?utm_source=www.trendmicro.com&utm_medium=referral&utm_campaign=www.trendmicro.com
SecurityFocus BID
www.securityfocus.com/bid/32261
Source: www.qualys.com/index.php