TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1042
overflow. This vulnerability is due to improper bounds checking by the SetSpntShareConfig function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and
execute arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch
for this vulnerability(Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature
specifically detects if an attacker could send malicious pattern in little endian form.
Signature ID: 38005
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to stack based buffer
overflow. This vulnerability is due to improper bounds checking by the AddTaskExportLogItem function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port, a remote attacker could overflow a buffer and execute
arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch for this
vulnerability(Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature specifically
detects if an attacker could send malicious pattern in little endian form.
Signature ID: 38006
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to stack based buffer
overflow. This vulnerability is due to improper bounds checking by the TakeActionOnAFile function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and
execute arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch
for this vulnerability(Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature
specifically detects if an attacker could send malicious pattern in little endian form.
Signature ID: 38007
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218
Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to stack based buffer
overflow. This vulnerability is due to improper bounds checking by the SetSpntShareConfig function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port 3628, a remote attacker could overflow a buffer and
execute arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch
for this vulnerability(Security Patch 4 - Build 1185), available from the Trend Micro Web site.
Signature ID: 38008
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218
Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to stack based buffer
overflow. This vulnerability is due to improper bounds checking by the TakeActionOnAFile function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and
execute arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch
for this vulnerability(Security Patch 4 - Build 1185), available from the Trend Micro Web site.