COMMAND
RegGo.dll
SYSTEMS AFFECTED
Trend Micro InterScan WebManager Version 1.2
PROBLEM
The following is based on SNS Advisory No.33. Trend Micro
InterScan WebManager is software that provides malicious mobile
code protection, URL filtering and traffic management. A buffer
overflow vulnerability exists in RegGo.dll, which is used by the
web management console feature in InterScan WebManager version 1.2.
This problem can allow remote users to execute arbitrary commands
with SYSTEM privilege.
InterScan WebManager has a feature that provides a web management
console. RegGo.dll, which is used for this feature, has a buffer
overflow vulnerability that is triggered when a long parameter is
given.
A buffer overflow occurs with the following dump:
00F0FC6C 42 42 42 42 BBBB
00F0FC70 43 43 43 43 CCCC
00F0FC74 44 44 44 44 DDDD
00F0FC78 45 45 45 45 EEEE
EAX = 00F0FC6C
EIP = 41414141
In this dump EIP holds 41414141 and EAX points to 00F0FC6C.
Therefore, arbitrary code located at address 00F0FC6C may be
executed by calling eax.
This has been discovered by Arai Yuu.
SOLUTION
No patches are available at this moment. The Trend Micro support
team responded that this problem would be fixed in the next version
of WebManager, but they did not provide any further details. Until
the patch is released, restrict network access to the servers on
which WebManager is installed.
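While no patch is available, web server logs can be checked for requests that reach RegGo.dll with unusually long parameters. The following is an added example, not part of the original advisory: it assumes common-log-format access logs, and the /console/ path, the Type parameter name, the client addresses and the 256-byte threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_to_bytes

# Assumption: the advisory gives no overflow length, so this threshold is a
# placeholder to tune against normal console traffic.
MAX_PARAM_LEN = 256

# Common log format: client first, request line in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+)(?: HTTP/[\d.]+)?"')

def long_reggo_params(line, limit=MAX_PARAM_LEN):
    """Return [(client, param_name, decoded_bytes)] for oversized query
    parameters in a request that targets RegGo.dll; [] otherwise."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    client, _method, target = m.groups()
    parts = urlsplit(target)
    # Windows paths are case-insensitive; decode so %-escaped names match too.
    if "reggo.dll" not in unquote(parts.path).lower():
        return []
    hits = []
    for field in parts.query.split("&"):
        name, sep, value = field.partition("=")
        if not sep:  # bare blob with no "name=": measure the blob itself
            name, value = "", field
        # Count decoded bytes: "%41" is one byte once the server decodes it.
        size = len(unquote_to_bytes(value))
        if size > limit:
            hits.append((client, name, size))
    return hits

def scan(lines, limit=MAX_PARAM_LEN):
    """Collect hits across many log lines."""
    return [hit for line in lines for hit in long_reggo_params(line, limit)]

# Constructed sample log lines (addresses, path and parameter name are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0900] "GET /console/RegGo.dll?Type=view HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2001:10:00:05 +0900] "GET /console/reggo.dll?Type=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.77 - - [01/Jan/2001:10:00:09 +0900] "GET /console/RegGo.dll?' + "%41" * 300 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [01/Jan/2001:10:00:12 +0900] "GET /index.html?q=' + "x" * 600 + ' HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, name, size in scan(SAMPLE_LOG):
        print(f"{client}: parameter {name!r} is {size} bytes")
```

Parameters sent in a POST body do not appear in access logs, so this check covers only values carried in the request URL.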