Trend Micro InterScan eManager buffer overflow could allow the execution of arbitrary code
| interscan-emanager-bo (7104) |  High Risk |
Description:
Trend Micro InterScan eManager is vulnerable to a buffer overflow in several CGI programs used by the Web-based management interface. A remote attacker can overflow a buffer and execute arbitrary code on the system with LocalSystem privileges.
The vulnerable files are register.dll, contentfilter.dll, sfnofitication.dll, register.dll, top10.dll, spamexcp.dll, and spamrule.dll.
Platforms Affected:
- Trend Micro, InterScan eManager 3.51
- Trend Micro, InterScan eManager 3.51J
Remedy:
Apply the appropriate patch for your system, as listed in SNS Advisory No.42. See References.
As a workaround, perform the following from the list below to minimize the vulnerability.
If Web-based console is not necessary, remove /eManager virtual directory with the use of Internet Service Manager.
— OR —
Enable NTLM authentication with the use of Internet Service Manager. It will provide restrict access to Web-based console.
— OR —
Restrict untrustworthy host's access to Web-based console with the use of Firewall, and so on.
Consequences:
Gain Privileges
References:
- SNS Advisory No.42, Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability at http://www.lac.co.jp/security/english/snsadv_e/42_e.html.
- Trend Micro Japanese Tech Support Web site, solution 3142 at http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142.
- BID-3327: Trend Micro InterScan eManager Buffer Overflow Vulnerability
- CVE-2001-0958: Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
- US-CERT VU#167739: Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Reported:
Sep 12, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net