CVE-2005-1929
Last modified
CVE-2005-1929 is a vulnerability of currently unknown severity. Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. EPSS estimates a 4.94% chance of exploitation in the next 30 days.
Description
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Serverprotect | <= 5.58 |
References
- http://secunia.com/advisories/18038Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2907Vendor Advisory
- http://secunia.com/advisories/18038Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2907Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-1929?
How severe is CVE-2005-1929?
How do I fix CVE-2005-1929?
Are you affected by CVE-2005-1929?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST