Buffer overflow : Trend Micro Control Manager 'CmdProcessor.exe' Buffer Overflow Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.802876

Category: Buffer overflow

Title: Trend Micro Control Manager 'CmdProcessor.exe' Buffer Overflow Vulnerability

Summary: Trend Micro Control Manager is prone to a buffer overflow vulnerability.

Description: Summary:
Trend Micro Control Manager is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The 'CGenericScheduler::AddTask' function in cmdHandlerRedAlertController.dll
in 'CmdProcessor.exe' fails to process a specially crafted IPC packet sent on
TCP port 20101, which could be exploited by remote attackers to cause a buffer overflow.

Vulnerability Impact:
Successful exploitation will allow attackers to cause buffer overflow
condition or execute arbitrary code.

Affected Software/OS:
Trend Micro Control Manager version 5.5 Build 1250 Hotfix 1550 and prior

Solution:
Apply Critical Patch Build 1613 for Trend Micro Control Manager 5.5.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-5001
Bugtraq: 20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/520780/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-345/
http://www.securitytracker.com/id?1026390
http://secunia.com/advisories/47114
XForce ISS Database: cm-cgenericscheduleraddtask-bo(71681)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71681

Copyright Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.802876
Category:	Buffer overflow
Title:	Trend Micro Control Manager 'CmdProcessor.exe' Buffer Overflow Vulnerability
Summary:	Trend Micro Control Manager is prone to a buffer overflow vulnerability.
Description:	Summary: Trend Micro Control Manager is prone to a buffer overflow vulnerability. Vulnerability Insight: The 'CGenericScheduler::AddTask' function in cmdHandlerRedAlertController.dll in 'CmdProcessor.exe' fails to process a specially crafted IPC packet sent on TCP port 20101, which could be exploited by remote attackers to cause a buffer overflow. Vulnerability Impact: Successful exploitation will allow attackers to cause buffer overflow condition or execute arbitrary code. Affected Software/OS: Trend Micro Control Manager version 5.5 Build 1250 Hotfix 1550 and prior Solution: Apply Critical Patch Build 1613 for Trend Micro Control Manager 5.5. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-5001 Bugtraq: 20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/520780/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-345/ http://www.securitytracker.com/id?1026390 http://secunia.com/advisories/47114 XForce ISS Database: cm-cgenericscheduleraddtask-bo(71681) https://exchange.xforce.ibmcloud.com/vulnerabilities/71681
Copyright	Copyright (C) 2012 Greenbone AG