CVE-2005-1929

Sažetak

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html
http://secunia.com/advisories/18038
http://securityreason.com/securityalert/256
http://securityreason.com/securityalert/257
http://securitytracker.com/id?1015358
http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities
http://www.osvdb.org/21771
http://www.osvdb.org/21772
http://www.securityfocus.com/bid/15865
http://www.securityfocus.com/bid/15866
http://www.vupen.com/english/advisories/2005/2907

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-03-2011 - 05:00

Objavljeno

14-12-2005 - 21:03