[21291] in bugtraq
[SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability
daemon@ATHENA.MIT.EDU (snsadv@lac.co.jp)
Mon Jul 2 11:34:50 2001
Date: Mon, 02 Jul 2001 15:16:08 +0900
From: "snsadv@lac.co.jp" <snsadv@lac.co.jp>
To: bugtraq@securityfocus.com
Message-Id: <20010702151417.7F27.SNSADV@lac.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
-----------------------------------------------------------------------
SNS Advisory No.36
TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow
Vulnerability
Problem first discovered: Mon, 11 Jun 2001
Published: Mon, 2 Jul 2001
----------------------------------------------------------------------
Overview
---------
Trend Micro InterScan WebManager is a software which provides
malicious mobile code protection, URL filtering and traffic management.
A buffer overflow vulnerability exists in HttpSave.dll which is used as
web management console feature in InterScan WebManager version 1.2.
This problem can allow remote users to execute arbitrary commands with
SYSTEM privilege.
Problem Description
-------------------
InterScan WebManager has a feature which provides management web
console. HttpSave.dll which is used for this feature has a buffer overflow
when long value is given to a certain parameter.
A buffer overflow occurs in the following dump:
00ECFAF0 4F 4F 4F 4F OOOO
00ECFAF4 50 50 50 50 PPPP
00ECFAF8 51 51 51 51 QQQQ
00ECFAFC 52 52 52 52 RRRR
00ECFB00 53 53 53 53 SSSS
00ECFB04 54 54 54 54 TTTT
EAX = 00ECFAF4
EIP = 4F4F4F4F
Therefore, arbitrary code which is addressed 00ECFAF4 may be executed
by calling eax.
Tested Version
--------------
TrendMicro InterScan WebManager Version 1.2
Tested on
---------
Microsoft Windows NT Server 4.0 + SP6a [English]
Status of fixes
---------------
No patches are available at this moment. Trend Micro support team
responded that this problem would be fixed on the next version of
WebManager. Until the patch is released, we recommend restrict
access to servers.
Discovered by
-------------
ARAI Yuu (LAC) y.arai@lac.co.jp
Disclaimer
----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is
released as it is. LAC Co.,Ltd. is not responsible for any risks of
occurrences caused by applying those information.
References
----------
Archive of this advisory:
http://www.lac.co.jp/security/english/snsadv_e/36_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
