Trend Micro ServerProtect earthagent.exe buffer overflow (MSRPC_TrendMicro_Suspicious_Call)

About this signature or vulnerability

Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, BlackICE Server Protection, Proventia Network MFS, Virtual Server Protection for VMware:

This audit signature detects an MSRPC request to the following Trend Micro functions:

DoHotFix, 0x1f0045
ENG_GetNotAllowToWriteFolder, 0x3002A
ENG_GetVirusScanExceptionFolder, 0x30024
ENG_GetVirusScanExceptionFile, 0x30027

Locally controlled resources on the server can lead to a buffer overflow; however, it cannot be explicitly detected on the network.


Default risk level

High

Sensors that have this signature

Proventia Network IPS: XPU 27.110, Proventia Desktop: 2120, Proventia Server IPS for Linux technology: 27.110, BlackICE PC Protection: 3.6cqr, RealSecure Network: XPU 27.110, RealSecure Server Sensor: XPU 27.110, Proventia-G 1.1 and earlier: XPU 27.110, Proventia Network IDS: XPU 27.110, IBM Security Server Protection for Windows: 1.0.914.2120, BlackICE Server Protection: 3.6.cqr, Proventia Network MFS: XPU 27.110, IBM Security Server Protection for Windows: 2.1.14.2400, Virtual Server Protection for VMware: 1.0

Systems affected

Trend Micro ServerProtect for Windows: 5.58 Build 1176 and prior

Type

Unauthorized Access Attempt

Vulnerability description

Trend Micro ServerProtect is vulnerable to multiple buffer overflows, caused by improper bounds checking by the RPCFN_EVENTBACK_DoHotFix and CMD_CHANGE_AGENT_REGISTER_INFO functions in the earthagent.exe service. By sending a specially crafted RPC request, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.

How to remove this vulnerability

Apply the patch for this vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site. See References.

References

Trend Micro Web site
Product Updates
http://www.trendmicro.com/download_beta/product.asp?productid=17

ISS X-Force
Trend Micro ServerProtect earthagent.exe buffer overflow
http://www.iss.net/security_center/static/36181.php

CVE
CVE-2007-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4490