CVE-2007-4218

Name of the Vulnerable Software and Affected Versions Trend Micro ServerProtect for Windows versions prior to 5.58 Security Patch 4

Description The issue concerns multiple buffer overflows in the ServerProtect service, allowing remote attackers to execute arbitrary code via certain RPC requests to specific TCP ports. These requests are processed by various functions, including RPCFN ENG NewManualScan, RPCFN ENG TimedNewManualScan, RPCFN SetComputerName, RPCFN CMON SetSvcImpersonateUser, RPCFN OldCMON SetSvcImpersonateUser, RPCFN ENG TakeActionOnAFile, RPCFN ENG AddTaskExportLogItem, NTF SetPagerNotifyConfig, and RPCFN CopyAUSrc, which are located in different DLL files such as StRpcSrv.dll, Stcommon.dll, Eng50.dll, Notification.dll.

Recommendations For Trend Micro ServerProtect for Windows versions prior to 5.58 Security Patch 4, apply Security Patch 4 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable TCP ports and disabling the RPCFN ENG NewManualScan, RPCFN ENG TimedNewManualScan, RPCFN SetComputerName, RPCFN CMON SetSvcImpersonateUser, RPCFN OldCMON SetSvcImpersonateUser, RPCFN ENG TakeActionOnAFile, RPCFN ENG AddTaskExportLogItem, NTF SetPagerNotifyConfig, and RPCFN CopyAUSrc functions until the patch is applied.