Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2005-1929

Disclosure Date: December 14, 2005 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via “wrapped” length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro’s product.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

trend micro

Products

serverprotect

Weaknesses

CWE-119

References

Canonical

CVE-2005-1929 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1929)

BID-15865 (http://www.securityfocus.com/bid/15865)

BID-15866 (http://www.securityfocus.com/bid/15866)

Advisory

SECUNIA-18038 (http://secunia.com/advisories/18038)

SREASON-257 (http://securityreason.com/securityalert/257)

20051214 Re: iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability (http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html)

SECTRACK-1015358 (http://securitytracker.com/id?1015358)

20051214 Re: iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability (http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html)

OSVDB-21772 (http://www.osvdb.org/21772)

OSVDB-21771 (http://www.osvdb.org/21771)

SREASON-256 (http://securityreason.com/securityalert/256)

ADV-2005-2907 (http://www.vupen.com/english/advisories/2005/2907)

Miscellaneous

20051214 Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow (http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities)

Rapid7

Technical Analysis