Filtered by vendor Trend Micro
Subscribe
Total
108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3864 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2024-02-04 | 5.0 MEDIUM | N/A |
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. | |||||
CVE-2008-1365 | 1 Trend Micro | 1 Officescan Corporate Edition | 2024-02-04 | 6.4 MEDIUM | N/A |
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. | |||||
CVE-2008-3862 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests." | |||||
CVE-2007-0074 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC. | |||||
CVE-2007-0072 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC. | |||||
CVE-2008-0013 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. | |||||
CVE-2008-0012 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. | |||||
CVE-2008-2434 | 1 Trend Micro | 1 Housecall | 2024-02-04 | 9.3 HIGH | N/A |
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
CVE-2007-0073 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC. | |||||
CVE-2008-3866 | 1 Trend Micro | 3 Internet Security 2007, Internet Security 2008, Officescan | 2024-02-04 | 4.6 MEDIUM | N/A |
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. | |||||
CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 5.0 MEDIUM | N/A |
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | |||||
CVE-2006-6458 | 1 Trend Micro | 3 Officescan, Pc Cillin - Internet Security 2006, Serverprotect | 2024-02-04 | 7.8 HIGH | N/A |
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. | |||||
CVE-2007-0602 | 1 Trend Micro | 1 Viruswall | 2024-02-04 | 6.9 MEDIUM | N/A |
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. | |||||
CVE-2007-2533 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. | |||||
CVE-2007-0851 | 1 Trend Micro | 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. | |||||
CVE-2007-2508 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. | |||||
CVE-2007-4277 | 1 Trend Micro | 2 Pc-cillin Internet Security 2007, Scan Engine | 2024-02-04 | 6.6 MEDIUM | N/A |
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. | |||||
CVE-2007-4219 | 1 Trend Micro | 1 Serverprotect | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow. | |||||
CVE-2007-3455 | 1 Trend Micro | 1 Officescan | 2024-02-04 | 10.0 HIGH | N/A |
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information." | |||||
CVE-2006-5211 | 1 Trend Micro | 1 Officescan Corporate Edition | 2024-02-04 | 6.4 MEDIUM | N/A |
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. |