CVE
- Id
- 3568
- CVE No.
- CVE-2001-0761
- Status
- Candidate
- Description
- Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter.
- Phase
- Proposed (20011012)
- Votes
- ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(4) Armstrong, Cole, Foat, Wall | REVIEWING(1) Christey
- Comments
- Christey> CD:SF-LOC may suggest merging with CVE-2001-0678 | Frech> XF:interscan-webmanager-httpsave-bo(6788) | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> There is evidence that this problem was confirmed by Trend, | but there are some inconsistencies. | MISC:http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=9682 | Note, however, that the date of the patch description at | MISC:http://solutionfile.trendmicro.com/SolutionFile/9682/en/ReadMe-BufferOverflowPatch.txt | is June 19th, but the Bugtraq post was July 2, and the poster | said that a patch had not been available yet. However, the | poster also said that they had notified Trend on June 11. | Add that the Action parameter is the one with the overflow. | | This patch description only identifies HttpSave.dll, not | RegGo.dll (as identified by CVE-2001-0678), but it implies | that multiple DLL"s may have been fixed. Looking at the DLL"s | in the patch, there is RegGo.dll and a number of other DLL"s. | However, this RegGo.dll is different than the one from | the patch for CVE-2001-0678, so maybe they fixed yet another | problem here. | | That problem might be: | BUGTRAQ:20010621 TrendMicro InterScan WebManager Version 1.2 RegGo.dll Buffer Overflow Vulnerability | URL:http://www.securityfocus.com/archive/1/192645 | where the discloser said that the problem was discovered | in June 6 and implied that Trend Micro would fix the problem, | so Trend was notified sometime between June 6 and June 21. | So, the dates might imply that Trend fixed both the | HTTPSave.dll and this variant (if in fact it"s a variant and | not a rediscovery of CVE-2001-0678) in a single patch. | If true, then that would argue that this candidate should be | merged with the RegGo.dll variant reported in the above | Bugtraq reference, along with some of the other DLL"s - just | in case someone rediscovers THOSE, too. | | Other DLL"s in this patch are covered in other posts | in the same time frame by the same person. | HttpSaveCVP.dll and HttpSaveCSP.dll are in: | BUGTRAQ:20010628 [SNS Advisory No.35] TrendMicro InterScan VirusWall 3.51 HttpSaveC*P.dll Buffer Overflow | URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0388.html | smtpscan.dll is described in: | BUGTRAQ:20010628 [SNS Advisory No.34] TrendMicro InterScan VirusWall 3.51 smtpscan.dll Buffer Overflow | URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0387.html
