CVE-2005-1929
Trend Micro ServerProtect < 5.58 - Remote Code Execution via Chunked Transfer Request
Title source: llmDescription
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
References (12)
Core 12
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/257
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/256
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18038
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015358
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21772
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21771
Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15865
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15866
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2907
Scores
EPSS
0.0494
EPSS Percentile
91.2%
Details
CWE
CWE-119
Status
published
Products (1)
trend_micro/serverprotect
< 5.58
Published
Dec 14, 2005
Tracked Since
Feb 18, 2026