PT-2005-2882 · Trend Micro · Trend Micro ServerProtect Management Console
Published: 2005-12-14 · Updated: 2011-03-07 · CVE-2005-1929
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Trend Micro ServerProtect Management Console versions 5.58 and earlier
Description
The issue is related to multiple heap-based buffer overflows in isaNVWRequest.dll and relay.dll, which can be exploited by remote attackers to execute arbitrary code. This is achieved through "wrapped" length values in Chunked transfer requests. It is noted that the relay.dll issue might be related to a problem in the Microsoft Foundation Classes (MFC) static library, which returns invalid values under heavy load.
Recommendations
For Trend Micro ServerProtect Management Console versions 5.58 and earlier, consider restricting access to the isaNVWRequest.dll and relay.dll modules to minimize the risk of exploitation. As a temporary workaround, avoid using Chunked transfer requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Buffer Overflow
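The description attributes the overflows to "wrapped" length values in Chunked transfer requests. The following is an added example, not Trend Micro's code and not part of this advisory, of how a chunked-transfer decoder can reject length values that would wrap before they reach an allocation or copy. The 32-bit width, the `MAX_BODY` cap and all function names are assumptions, since the page does not describe the affected arithmetic.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_BODY (1u << 20)   /* assumed policy cap: 1 MiB per request body */

/* Parse the hex chunk-size field of one chunk header line.
 * Returns 0 and stores the size, or -1 if the field is empty, contains an
 * invalid digit, or does not fit in 32 bits (i.e. would wrap). */
int parse_chunk_size(const char *line, uint32_t *out)
{
    uint32_t v = 0;
    int digits = 0;
    for (; *line && *line != ';' && *line != '\r' && *line != '\n'; line++) {
        uint32_t d;
        if (*line >= '0' && *line <= '9')      d = (uint32_t)(*line - '0');
        else if (*line >= 'a' && *line <= 'f') d = (uint32_t)(*line - 'a' + 10);
        else if (*line >= 'A' && *line <= 'F') d = (uint32_t)(*line - 'A' + 10);
        else return -1;
        if (v > (UINT32_MAX >> 4)) return -1;  /* next shift would drop bits */
        v = (v << 4) | d;
        digits++;
    }
    if (digits == 0) return -1;
    *out = v;
    return 0;
}

/* Unchecked accumulation, shown for contrast: the 32-bit sum silently wraps. */
uint32_t naive_total(uint32_t received, uint32_t chunk)
{
    return received + chunk;
}

/* Checked accumulation: compare against the remaining room, never add first. */
int checked_total(uint32_t received, uint32_t chunk, uint32_t *total)
{
    if (received > MAX_BODY || chunk > MAX_BODY - received) return -1;
    *total = received + chunk;
    return 0;
}
```

A decoder built this way sizes and fills its heap buffer only from a total that `checked_total` has accepted, so a wrapped value is rejected as a malformed request.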
Affected Products
Foundation Classes
Trend Micro Serverprotect Management Console