PT-2007-5412 · Trend Micro · Trend Micro Serverprotect

Published: 2007-08-22 · Updated: 2017-07-29 · CVE-2007-4219

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Trend Micro ServerProtect for Windows versions prior to 5.58 Security Patch 4

Description

The issue is an integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, which is used by the ServerProtect service (SpntSvc.exe). A certain integer field in a request packet sent to TCP port 5168 triggers a heap-based buffer overflow, allowing remote attackers to execute arbitrary code.

Recommendations

For versions prior to 5.58 Security Patch 4, apply Security Patch 4 to resolve the issue. As a temporary workaround, consider restricting access to TCP port 5168 to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2007-4219

Affected Products

Trend Micro Serverprotect