search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow

Vulnerability Note VU#167739

Original Release Date: 2001-09-13 | Last Revised: 2001-09-13

Overview

A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager.

Description

Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This application has the capability to inspect, modify, and/or block email at the border of the enterprise. Trend Micro InterScan eManager includes several dynamic link libraries which provide management features for the system administrator over an http interface. Some of these dynamic link libraries contain a remotely exploitable buffer overflow.

Impact

Remote intruders can execute arbitrary code with SYSTEM privileges in the Local System security context.

Solution

The following versions of InterScan eManager are affected.

    • InterScan eManager for NT Ver.3.51 (English)
    • InterScan eManager for NT Ver.3.51(Japanese)

These tests were performed on the following Operating Systems:
    • Windows NT 4.0 Server + SP6a [English]
    • Windows NT 4.0 Server + SP6a [Japanese]

A patch for InterScan eManager for NT Ver.3.51J is available from http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
A patch for InterScan eManager for NT Ver.3.51 is pending.

If console access via the web is not necessary, remove /eManager virtual directory with the use of Internet Service Manager.

    • Enable NTLM authentication using the Internet Service Manager. This will provide restricted access to Web-based console.
    • Restrict access to web-based console with the use of packet filtering technologies.

Vendor Information

167739
 
Expand all

Trend Micro Affected

Updated:  September 12, 2001

Status

Affected

Vendor Statement

A patch to fix this issue for InterScan eManager for NT Ver.3.51J is available from http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142 A patch for InterScan eManager for NT Ver.3.51 is to be released.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was discovered by Little eArth Corporation Co., Ltd and was made public on September 12, 2001.

This document was written by Ian A. Finlay.

Other Information

CVE IDs: CVE-2001-0958
Severity Metric: 33.75
Date Public: 2001-09-12
Date First Published: 2001-09-13
Date Last Updated: 2001-09-13 17:33 UTC
Document Revision: 52

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis