| CVE ID | |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Trend Micro |
| AFFECTED PRODUCTS |
Control Manager |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['10748']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the mrf.exe component composes a string used to display an error message. The application will build the string using a buffer located on the stack using a sprintf call. As attacker controlled data is used to construct the string, this can lead to code execution under the context of the application. |
| ADDITIONAL DETAILS |
http://esupport.trendmicro.com/solution/en-us/1057059.aspx Available on download website. sp-tmi-580-win-en-criticalpatch2.exe ReadMe |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
