| CVE ID | |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Rocket |
| AFFECTED PRODUCTS |
U2 |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['6257']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Uni RPC service (unirpcd.exe) which listens by default on TCP port 31438. The unirpc32.dll module implements an RPC protocol and is used by the Uni RPC service. While parsing a size value from an RPC packet header, an integer can overflow and consequently bypass a signed comparison. This controlled value is then used as the number of bytes to receive into a static heap buffer. By providing a specially crafted request, this heap buffer can overflow leading to arbitrary code execution under the context of the SYSTEM user. |
| ADDITIONAL DETAILS |
Rocket U2 states that this issue was first fixed in: UniVerse 10.3.9 and UniData 7.2.8. Recommended fix pack version: UniVerse 10.3.9 and above or UniData 7.2.8 and above. |
| DISCLOSURE TIMELINE |
|
| CREDIT | Ruben Santamarta |
