Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-14T21:00:00
Updated: 2005-12-20T10:00:00
Reserved: 2005-06-08T00:00:00
Link: CVE-2005-1929
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-14T21:03:00.000
Modified: 2011-03-07T05:00:00.000
Link: CVE-2005-1929
JSON object: View
Redhat Information
No data.
CWE