CVE-2007-6507 : SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

Published 2007-12-20 23:46:00

Updated 2018-10-15 21:54:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2007-6507

Probability of exploitation activity in the next 30 days: 97.01%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-6507

TrendMicro ServerProtect File Access

First seen: 2020-04-26

auxiliary/admin/serverprotect/file

This modules exploits a remote file access flaw in the ServerProtect Windows Server RPC service. Please see the action list (or the help output) for more information. Authors: - toto

More information

CVSS scores for CVE-2007-6507

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-6507

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-6507

Products affected by CVE-2007-6507

Trend Micro » Serverprotect » Version: 5.58 Security Patch 3 Windows Edition
cpe:2.3:a:trend_micro:serverprotect:5.58_security_patch_3:*:windows:*:*:*:*:*
Matching versions