| GEN:SID | 1:2235 |
| Message | WEB-MISC SpamExcp.dll access |
| Summary | This event is generated when an attempt is made to exploit a buffer overflow in Trend Micro InterScan eManager.
|
| Impact | Serious. Remote administrative access is possible.
|
| Detailed Information | Versions of Trend Micro InterScan eManager suffer from a buffer overflow condition that can present an attacker with the opportunity to execute arbitrary code of their choosing which could lead to remote access to the server.
|
| Affected Systems | Trend Micro InterScan eManager 3.51
|
| Attack Scenarios | If the buffer overflow condition is met, the attacker can run code of their choosing on the affected host.
|
| Ease of Attack | Moderate.
|
| Corrective Action | Upgrade to the latest non-affected version of the software.
Disable the web interface
Enable NTLM authentication for the administrative interface
|
| Additional References | Bugtraq: http://www.securityfocus.com/bid/3327
|
| Rule References | bugtraq: 3327
cve: 2001-0958
nessus: 11747
|