Trend Micro ServerProtect heap buffer overflow 5 (MSRPC_AV_ScanConfig_BO)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, BlackICE Server Protection, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects specially crafted MSRPC requests to the MSRPC interface.


Default risk level

High

Sensors that have this signature

Proventia Network IPS: XPU 28.020, Proventia Desktop: 2160, RealSecure Network: XPU 28.020, RealSecure Server Sensor: XPU 28.020, BlackICE PC Protection: 3.6cqv, BlackICE Server Protection: 3.6.cqv, Proventia Network MFS: XPU 28.020, Proventia-G 1.1 and earlier: XPU 28.020, Proventia Network IDS: XPU 28.020, IBM Security Server Protection for Windows: 2.0.252.2160, IBM Security Server Protection for Windows: 1.0.914.2160, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 28.020, Virtual Server Protection for VMware: 1.0

Systems affected

Trend Micro ServerProtect: 5.58, Trend Micro ServerProtect: 5.7

Type

Unauthorized Access Attempt

Vulnerability description

Trend Micro ServerProtect is vulnerable to a heap-based buffer overflow. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.

How to remove this vulnerability

No remedy available as of May 1, 2012.

References

IBM Internet Security Systems Protection Advisory November 11, 2008
Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)
http://www.iss.net/threats/310.html

ISS X-Force
Trend Micro ServerProtect heap buffer overflow 5
http://www.iss.net/security_center/static/39918.php

CVE
CVE-2008-0012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0012