CVEブラウザに戻る

CVE-2007-4219

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1400%

EPSS Percentile44.97th

Published2007年8月22日

Last Modified2026年4月23日

Vulnerability Description

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.

Affected Platforms (CPE)

📦

Trend Micro

Serverprotect

= 5.58

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588

🔗 http://secunia.com/advisories/26523

🔗 http://securityreason.com/securityalert/3052

🔗 http://securitytracker.com/id?1018594

🔗 http://www.kb.cert.org/vuls/id/959400

🔗 http://www.securityfocus.com/bid/25396

🔗 http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

🔗 http://www.us-cert.gov/cas/techalerts/TA07-235A.html

関連する脆弱性情報

CVE-2006-526910.0

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execut...

CVE-2007-107010.0

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 ...

CVE-2006-526810.0

Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors ...

CVE-2007-250810.0

Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers ...