Software Engineering Institute

Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with centralized management of multiple servers. The ServerProtect architecture includes a management console, information server, and the server which has ServerProtect installed.

The ServerProtect executable that runs on the server being protected by the anti-virus engine is called SpntSvc.exe. This executable uses the StRpcSrv.dll library to handle RPC requests on 5168/tcp.

The ServerProtect component contains an integer overflow vulnerability within the RPC function RPCFN_SYNC_TASK. A remote, unauthenticated attacker may be able to trigger the overflow by sending malformed RPC request to a vulnerable system.

A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

Update

Trend Micro has addressed this vulnerability in Security Patch 4 - Build 1185.

Restrict Access

Restricting network access to 5168/tcp to trusted hosts may mitigate this vulnerability.