CVE-2007-2508

Name of the Vulnerable Software and Affected Versions Trend Micro ServerProtect versions 5.58 before Security Patch 2 Build 1174

Description The issue involves multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code via crafted data to specific TCP ports. This is achieved by triggering overflows in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe via TCP port 5168, or in EarthAgent.exe via TCP port 3628. Both issues are reachable via TmRpcSrv.dll.

Recommendations For Trend Micro ServerProtect version 5.58 before Security Patch 2 Build 1174, apply Security Patch 2 Build 1174 to resolve the issue. As a temporary workaround, consider restricting access to TCP ports 5168 and 3628 to minimize the risk of exploitation. Avoid using the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library until the issue is resolved. Restrict access to the TmRpcSrv.dll library to minimize the risk of exploitation.