Executive Summary

This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Title : Trend Micro ServerProtect Integer Overflow Vulnerability
Name : VU#959400
First vendor Publication : 2007-08-23
Vendor : VU-CERT
Last vendor Modification : 2007-08-23
Severity (Vendor) : N/A
Revision : M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required


Vulnerability Note VU#959400

Trend Micro ServerProtect Integer Overflow Vulnerability


Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code.

I. Description

Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with centralized management of multiple servers. The ServerProtect architecture includes a management console, information server, and the server which has ServerProtect installed.

The ServerProtect executable that runs on the server being protected by the anti-virus engine is called SpntSvc.exe. This executable uses the StRpcSrv.dll library to handle RPC requests on 5168/tcp.

The ServerProtect component contains an integer overflow vulnerability within the RPC function RPCFN_SYNC_TASK. A remote, unauthenticated attacker may be able to trigger the overflow by sending a malformed RPC request to a vulnerable system.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution


Trend Micro has addressed this vulnerability in Security Patch 4 - Build 1185.

Restrict Access

Restricting network access to 5168/tcp to trusted hosts may mitigate this vulnerability.
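
One way to check that the 5168/tcp restriction above is actually in force, as an added example (not part of the CERT note or any Trend Micro tooling): parse a Windows Firewall log and list TCP connections to the ServerProtect RPC port from sources outside a trusted allowlist. The allowlist range and the log lines are constructed for illustration, and the log is assumed to carry a `#Fields:` header naming its columns.

```python
import ipaddress

SERVERPROTECT_PORT = 5168  # RPC port named in the advisory

# Assumption: example allowlist (management console / information server hosts).
TRUSTED = [ipaddress.ip_network("10.0.5.0/28")]

# Constructed sample in Windows Firewall log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-08-24 09:14:02 ALLOW TCP 10.0.5.4 10.0.9.20 49211 5168 0 - 0 0 0 - - - RECEIVE
2007-08-24 09:15:40 ALLOW TCP 192.0.2.77 10.0.9.20 50312 5168 0 - 0 0 0 - - - RECEIVE
2007-08-24 09:15:41 DROP TCP 198.51.100.9 10.0.9.20 41100 5168 0 - 0 0 0 - - - RECEIVE
2007-08-24 09:16:05 ALLOW TCP 192.0.2.77 10.0.9.20 50313 445 0 - 0 0 0 - - - RECEIVE
2007-08-24 09:17:30 ALLOW UDP 192.0.2.80 10.0.9.20 5168 5168 0 - - - - - - - RECEIVE
"""

def untrusted_rpc_connections(log_text, trusted=TRUSTED, port=SERVERPROTECT_PORT):
    """Return (timestamp, src_ip, action) for TCP traffic to `port`
    whose source address is outside every network in `trusted`."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != str(port):
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
            stamp = f'{rec["date"]} {rec["time"]}'
            action = rec["action"]
        except (KeyError, ValueError):
            continue  # skip rows with missing columns or a malformed address
        if not any(src in net for net in trusted):
            findings.append((stamp, str(src), action))
    return findings

if __name__ == "__main__":
    for stamp, src, action in untrusted_rpc_connections(SAMPLE_LOG):
        # ALLOW from an untrusted source means the restriction is not in place.
        note = "restriction missing" if action == "ALLOW" else "blocked as intended"
        print(f"{stamp} {src} -> {SERVERPROTECT_PORT}/tcp {action} ({note})")
```
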

Systems Affected

Vendor       Status      Date Updated
Trend Micro  Vulnerable  23-Aug-2007




This vulnerability was discovered by Jun Mao (iDefense Labs).

This document was written by Joseph Pruszynski.

Other Information

Date Public : 08/21/2007
Date First Published : 08/23/2007 01:14:50 PM
Date Last Updated : 08/23/2007
CERT Advisory 
CVE Name : CVE-2007-4219
Document Revision : 26

Original Source

Url : http://www.kb.cert.org/vuls/id/959400

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
39751 Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Multiple Fun...

Information Assurance Vulnerability Management (IAVM)

Date Description
2007-08-24 IAVM : 2007-T-0035 - Trend Micro ServerProtect Multiple Remote Code Execution Vulnerabilities
Severity : Category I - VMSKEY : V0014876

Nessus® Vulnerability Scanner

Date Description
2007-08-22 Name : It is possible to execute code on the remote host through the AntiVirus Agent.
File : trendmicro_serverprotect_multiple2.nasl - Type : ACT_GATHER_INFO