Trend Micro fixes flaws in ServerProtect, PC-cillin

Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. The Tokyo-based antivirus firm has released a patch and hotfix to address the problems.

Trend Micro ServerProtect, an antivirus application designed specifically for servers, is prone to several security holes, including an interger overflow flaw that's exploitable over RPC, according to the Trend Micro ServerProtect security advisory. Specifically, the problem is in the SpntSvc.exe service that listens on TCP port 5168 and is accessible through RPC. Attackers could exploit this to run malicious code with system-level privileges and "completely compromise" affected computers. Failed exploit attempts will result in a denial of service, Trend Micro said.

The problems affect ServerProtect 5.58 Build 1176 and possibly earlier versions.

Meanwhile, Trend Micro Anti-Spyware and PC-cillin Internet contain stack buffer-overflow flaws where the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer, the vendor reported. The issue affects the 'vstlib32.dll' library of Trend Micro's SSAPI Engine. When the library processes a local file that has overly-long path data, it fails to handle a subsequent 'ReadDirectoryChangesW' callback notification from Microsoft Windows.

Attackers who exploit this could inflict the same type of damage as exploits against the ServerProtect flaws. Trend Micro Anti-Spyware for Consumers version 3.5 and PC-cillin Internet Security 2007 are affected.

Trend Micro has released a hotfix to address the problem.