module
TrendMicro Control Manger CmdProcessor.exe Stack Buffer Overflow
| Disclosed | Created |
|---|---|
| 2011-12-07 | 2018-05-30 |
Disclosed
2011-12-07
Created
2018-05-30
Description
This module exploits a vulnerability in the CmdProcessor.exe component of Trend
Micro Control Manger up to version 5.5.
The specific flaw exists within CmdProcessor.exe service running on TCP port
20101. The vulnerable function is the CGenericScheduler::AddTask function of
cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet,
controlled data is copied into a 256-byte stack buffer. This can be exploited
to execute remote code under the context of the user.
Micro Control Manger up to version 5.5.
The specific flaw exists within CmdProcessor.exe service running on TCP port
20101. The vulnerable function is the CGenericScheduler::AddTask function of
cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet,
controlled data is copied into a 256-byte stack buffer. This can be exploited
to execute remote code under the context of the user.
Authors
Luigi Auriemma
Blue
Blue
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.