Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: vwall1~3.htm

VirusWall for NT - HttpSaveC?P.dll remote execute arbitrary command



    TrendMicro InterScan VirusWall 3.51


    Following is  based on  a SNS  Advisory No.35.   A buffer overflow
    vulnerability  was   found  in   some  administrative    programs,
    smtpscan.dll, of InterScan VirusWall for Windows NT.  It allows  a
    remote user to execute an arbitrary command with SYSTEM privilege.

    If  long  strings   are  included  in   a  certain  parameter   of
    configuration by  exploiting the  vulnerability that  was reported
    by SNS Advisory  No.28, a buffer  overflow occurs when  requesting
    the following dll(s):


    The following are  a memory dump  and contents of  register when a
    buffer overflow occurs.

             023FFAC2  6D 6D 6D 6E 6E 6E  mmmnnn
             023FFAC8  6F 6F 6F 70 70 70  oooppp
             EAX = 023FFAC8 EIP = 6E6E6E6D

    Therefore, arbitrary  code may  be executed  by calling  eax which
    may be replaced by an attacker's supplied arbitrary code.

    Discovered by Nobuo Miwa.


    To get the patch, send e-mail to or
    search this issue on

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH