Trend Micro ServerProtect earthagent.exe buffer overflow (MSRPC_TrendMicro_Suspicious_Call)

About this signature or vulnerability

Proventia Desktop, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, BlackICE Server Protection, Proventia Network MFS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:

This audit signature detects an MSRPC request to the following Trend Micro functions (function name, numeric identifier):

- DoHotFix, 0x1f0045
- ENG_GetNotAllowToWriteFolder, 0x3002A
- ENG_GetVirusScanExceptionFolder, 0x30024
- ENG_GetVirusScanExceptionFile, 0x30027

Locally controlled resources on the server can lead to a buffer overflow; however, this cannot be explicitly detected on the network.


Default risk level

High

Sensors that have this signature

Proventia Desktop: 2120
Proventia Network IPS: XPU 27.110
RealSecure Network: XPU 27.110
RealSecure Server Sensor: XPU 27.110
BlackICE PC Protection: 3.6cqr
Proventia-G 1.1 and earlier: XPU 27.110
Proventia Network IDS: XPU 27.110
IBM Security Server Protection for Windows: 1.0.914.2120
BlackICE Server Protection: 3.6.cqr
Proventia Network MFS: XPU 27.110
IBM Security Server Protection for Windows: 2.1.14.2400
Proventia Server IPS for Linux technology: 27.110
Virtual Server Protection for Vmware: 1.0

Systems affected

Trend Micro ServerProtect for Windows: 5.58 Build 1176 and prior

Type

Unauthorized Access Attempt

Vulnerability description

Trend Micro ServerProtect is vulnerable to multiple buffer overflows, caused by improper bounds checking by the RPCFN_EVENTBACK_DoHotFix and CMD_CHANGE_AGENT_REGISTER_INFO functions in the earthagent.exe service. By sending a specially-crafted RPC request, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.

How to remove this vulnerability

Apply the patch for this vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site. See References.

References

Trend Micro Web site
Product Updates
http://www.trendmicro.com/download_beta/product.asp?productid=17

ISS X-Force
Trend Micro ServerProtect earthagent.exe buffer overflow
http://www.iss.net/security_center/static/36181.php

CVE
CVE-2007-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4490