CVE-2005-1929

Trend Micro ServerProtect < 5.58 - Remote Code Execution via Chunked Transfer Request

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

References (12)

Core 12
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/257
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/256
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18038
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015358
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21772
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21771
Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15865
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15866
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2907

Scores

EPSS 0.0494
EPSS Percentile 91.2%

Details

CWE
CWE-119
Status published
Products (1)
trend_micro/serverprotect < 5.58
Published Dec 14, 2005
Tracked Since Feb 18, 2026