CVE-2007-6507

Trend Micro ServerProtect <5.58 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6507. PoCs published by toto, including Metasploit module auxiliary/admin/serverprotect/file.

AI-analyzed exploit summary This Metasploit module exploits a remote file access flaw in TrendMicro ServerProtect via DCERPC to perform file operations (delete, download, upload, list). It leverages RPC commands to interact with the vulnerable service on port 5168.

Description

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

Exploits (1)

metasploit WORKING POC

by toto · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/serverprotect/file.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote file access flaw in TrendMicro ServerProtect via DCERPC to perform file operations (delete, download, upload, list). It leverages RPC commands to interact with the vulnerable service on port 5168.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: TrendMicro ServerProtect (version not specified)

No auth needed

Prerequisites: Network access to the target's DCERPC service on port 5168 · Vulnerable version of TrendMicro ServerProtect

MITRE ATT&CK