Trend Micro has patched several vulnerabilities in its ServerProtect server antivirus application that could enable hackers to execute malicious code and commandeer affected machines.
The four remote stack based overflow flaws affect ServerProtect for Windows 5.58, ServerProtect for EMC 5.58, ServerProtect for Network Appliance Filer 5.61, and ServerProtect for Network Appliance Filer 5.62, according to a Trend Micro advisory issued Wednesday.
Pedram Amini, manager of TippingPoint's Security Research Team, discovered the vulnerabilities and says a successful exploit would result in the complete compromise of a system.
"Since this runs as a privileged user, an attacker would have full control over the system," Amini said.
Hackers could trigger the flaws by sending a specially rigged remote procedure call (RPC) to the affected application, but the potential impact is limited somewhat by the fact that this is not a service that is typically exposed outside the network, according to Amini.
Secunia said the flaw was 'moderately critical', or three on a five-point scale, while Symantec gave the bug its highest rating of 10.
For Trend Micro, this is the third serious vulnerability to be patched in the past three weeks. Last week, Trend patched a critical stack based buffer overflow vulnerability in its OfficeScan security software, and a week earlier, the Tokyo-based vendor fixed a denial-of-service flaw in the ScanEngine component that's included in nearly all of its products.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
