|
Vulnerability HttpSaveC?P.dll Affected TrendMicro InterScan VirusWall 3.51 Description Following is based on a SNS Advisory No.35. A buffer overflow vulnerability was found in some administrative programs, smtpscan.dll, of InterScan VirusWall for Windows NT. It allows a remote user to execute an arbitrary command with SYSTEM privilege. If long strings are included in a certain parameter of configuration by exploiting the vulnerability that was reported by SNS Advisory No.28, a buffer overflow occurs when requesting the following dll(s): http://server/interscan/cgi-bin/HttpSaveCVP.dll http://server/interscan/cgi-bin/HttpSaveCSP.dll The following are a memory dump and contents of register when a buffer overflow occurs. dump: 023FFAC2 6D 6D 6D 6E 6E 6E mmmnnn 023FFAC8 6F 6F 6F 70 70 70 oooppp register: EAX = 023FFAC8 EIP = 6E6E6E6D Therefore, arbitrary code may be executed by calling eax which may be replaced by an attacker's supplied arbitrary code. Discovered by Nobuo Miwa. Solution To get the patch, send e-mail to support@support.trendmicro.com or search this issue on http://solutionbank.antivirus.com/solutions/solutionSearch.asp