CVE-2007-1070

Published Feb 21, 2007

Last updated 6 years ago

CVSS info 10.0

Overview

Description: Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC3161FD-F631-405A-BE3A-0B78D5DCD7B2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:serverprotect:5.61:*:network_appliance_filer:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8226C36-C336-4E78-88CB-8DC4562A3444"
          },
          {
            "criteria": "cpe:2.3:a:trend_micro:serverprotect:5.62:*:network_appliance_filer:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B6C8B25-06D1-4831-B40F-E9F03C9C2A63"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References