What is CVE-2011-5001?

CVE-2011-5001 is a vulnerability in Trend_micro Control_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-12-25.

Is CVE-2011-5001 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Trend_micro Control_manager

CVE-2011-5001

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a cra…

Vulnerability class: Buffer Overflow

EPSS: 0.720 (98.8th percentile) — read the EPSS interpretation.

Affected products

Trend_micro Control_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
1026390 (vdb-entry, x_refsource_SECTRACK)
cm-cgenericscheduleraddtask-bo(71681) (vdb-entry, x_refsource_XF)
47114 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2011-5001?: CVE-2011-5001 is a vulnerability in Trend_micro Control_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-12-25.
Is CVE-2011-5001 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.