----------------------------------------------------------------------- SNS Advisory No.36 TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability Problem first discovered: Mon, 11 Jun 2001 Published: Mon, 2 Jul 2001 ---------------------------------------------------------------------- Overview --------- Trend Micro InterScan WebManager is a software which provides malicious mobile code protection, URL filtering and traffic management. A buffer overflow vulnerability exists in HttpSave.dll which is used as web management console feature in InterScan WebManager version 1.2. This problem can allow remote users to execute arbitrary commands with SYSTEM privilege. Problem Description ------------------- InterScan WebManager has a feature which provides management web console. HttpSave.dll which is used for this feature has a buffer overflow when long value is given to a certain parameter. A buffer overflow occurs in the following dump: 00ECFAF0 4F 4F 4F 4F OOOO 00ECFAF4 50 50 50 50 PPPP 00ECFAF8 51 51 51 51 QQQQ 00ECFAFC 52 52 52 52 RRRR 00ECFB00 53 53 53 53 SSSS 00ECFB04 54 54 54 54 TTTT EAX = 00ECFAF4 EIP = 4F4F4F4F Therefore, arbitrary code which is addressed 00ECFAF4 may be executed by calling eax. Tested Version -------------- TrendMicro InterScan WebManager Version 1.2 Tested on --------- Microsoft Windows NT Server 4.0 + SP6a [English] Status of fixes --------------- No patches are available at this moment. Trend Micro support team responded that this problem would be fixed on the next version of WebManager. Until the patch is released, we recommend restrict access to servers. Discovered by ------------- ARAI Yuu (LAC) y.araiat_private Disclaimer ---------- All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information. References ---------- Archive of this advisory: http://www.lac.co.jp/security/english/snsadv_e/36_e.html ------------------------------------------------------------------ Secure Net Service(SNS) Security Advisory <snsadvat_private> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 08:35:52 PDT