Affected: Trend Micro ServerProtect versions 5.58 and prior
Description: Trend Micro ServerProtect is a popular enterprise antivirus solution. It contains multiple vulnerabilities in its handling of a variety of inputs. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). Some technical details are publicly available for these vulnerabilities. It is confirmed that at least one vulnerability can be exploited without authentication. The exact vectors of exploitation have not been disclosed, but it is possible that an attacker could exploit at least one of these vulnerabilities by sending an email to a server running the vulnerable software.
Status: Vendor has not confirmed, no updates available.