Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-2508

Disclosure Date: May 08, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow

Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow

Description

Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

trend micro

Products

serverprotect

Metasploit Modules

Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb)

Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb)

References

Canonical

CVE-2007-2508 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2508)

BID-23868 (http://www.securityfocus.com/bid/23868)

BID-23866 (http://www.securityfocus.com/bid/23866)

Advisory

ADV-2007-1689 (http://www.vupen.com/english/advisories/2007/1689)

XF-serverprotect-earthagent-bo(34163) (https://exchange.xforce.ibmcloud.com/vulnerabilities/34163)

OSVDB-35790 (http://osvdb.org/35790)

http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt

20070507 ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability (http://www.securityfocus.com/archive/1/467932/100/0/threaded)

VU#515616 (http://www.kb.cert.org/vuls/id/515616)

20070507 ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability (http://www.securityfocus.com/archive/1/467933/100/0/threaded)

XF-serverprotect-agrpccln-bo(34162) (https://exchange.xforce.ibmcloud.com/vulnerabilities/34162)

SECTRACK-1018010 (http://securitytracker.com/id?1018010)

SECUNIA-25186 (http://secunia.com/advisories/25186)

OSVDB-35789 (http://osvdb.org/35789)

VU#488424 (http://www.kb.cert.org/vuls/id/488424)

Miscellaneous

http://www.zerodayinitiative.com/advisories/ZDI-07-025.html

http://www.zerodayinitiative.com/advisories/ZDI-07-024.html

Rapid7

Technical Analysis