Vulnerabilites related to trend_micro - internet_security_2007
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, { lang: "es", value: "El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados.", }, ], id: "CVE-2008-3866", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.233", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-43/", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021616", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021617", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-43/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, { lang: "es", value: "Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado.", }, ], id: "CVE-2008-3865", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.203", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-42/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4937", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021614", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021615", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-42/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, { lang: "es", value: "La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegación de sevicio (caída de aplicación) mediante un paquete con un valor grande en un campo de tamaño no especificado.", }, ], id: "CVE-2008-3864", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.187", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/secunia_research/2008-42/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4937", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021614", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021615", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/secunia_research/2008-42/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2008-3864
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021615 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/secunia_research/2008-42/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48106 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4937 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1021614 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021614", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021614", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3864", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1021615", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021615", }, { name: "http://secunia.com/secunia_research/2008-42/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-42/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "4937", refsource: "SREASON", url: "http://securityreason.com/securityalert/4937", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, { name: "1021614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021614", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3864", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3866
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/secunia_research/2008-43/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_MISC | |
| http://www.securitytracker.com/id?1021616 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1021617 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-43/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-43/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secunia.com/secunia_research/2008-43/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-43/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "MISC", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3866", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3865
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021615 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/secunia_research/2008-42/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48107 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4937 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1021614 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021614", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021614", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3865", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1021615", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021615", }, { name: "http://secunia.com/secunia_research/2008-42/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-42/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "4937", refsource: "SREASON", url: "http://securityreason.com/securityalert/4937", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, { name: "1021614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021614", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3865", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }