Vulnerabilites related to trend_micro - officescan
cve-2002-1349
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
EPSS score ?
Summary
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/157961 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=103953822705917&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/6350 | vdb-entry, x_refsource_BID | |
| http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10814 | vdb-entry, x_refsource_XF | |
| http://www.texonet.com/advisories/TEXONET-20021210.txt | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:19:28.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#157961", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/157961", }, { name: "20021210 Unchecked buffer in PC-cillin", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=103953822705917&w=2", }, { name: "6350", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6350", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", }, { name: "pccillin-pop3trap-bo(10814)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.texonet.com/advisories/TEXONET-20021210.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-12-10T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2004-08-04T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "VU#157961", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/157961", }, { name: "20021210 Unchecked buffer in PC-cillin", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=103953822705917&w=2", }, { name: "6350", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6350", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", }, { name: "pccillin-pop3trap-bo(10814)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814", }, { tags: [ "x_refsource_MISC", ], url: "http://www.texonet.com/advisories/TEXONET-20021210.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-1349", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#157961", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/157961", }, { name: "20021210 Unchecked buffer in PC-cillin", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=103953822705917&w=2", }, { name: "6350", refsource: "BID", url: "http://www.securityfocus.com/bid/6350", }, { name: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", refsource: "CONFIRM", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", }, { name: "pccillin-pop3trap-bo(10814)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814", }, { name: "http://www.texonet.com/advisories/TEXONET-20021210.txt", refsource: "MISC", url: "http://www.texonet.com/advisories/TEXONET-20021210.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-1349", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-12-10T00:00:00", dateUpdated: "2024-08-08T03:19:28.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-1341
Vulnerability from cvelistv5
Published
2007-10-14 19:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6181 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/7881 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11059 | vdb-entry, x_refsource_XF | |
| http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353 | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/6616 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:28:02.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "6181", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/6181", }, { name: "7881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6616", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-01-14T00:00:00", descriptions: [ { lang: "en", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "6181", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/6181", }, { name: "7881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6616", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-1341", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "6181", refsource: "OSVDB", url: "http://www.osvdb.org/6181", }, { name: "7881", refsource: "SECUNIA", url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { name: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", refsource: "CONFIRM", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", refsource: "BID", url: "http://www.securityfocus.com/bid/6616", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-1341", datePublished: "2007-10-14T19:00:00", dateReserved: "2007-10-14T00:00:00", dateUpdated: "2024-08-08T02:28:02.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-6178
Vulnerability from cvelistv5
Published
2006-11-30 23:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/4852 | vdb-entry, x_refsource_VUPEN | |
| http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/21442 | vdb-entry, x_refsource_BID | |
| http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:19:35.085Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2006-4852", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4852", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", }, { name: "21442", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21442", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-06-23T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-12-08T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2006-4852", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4852", }, { tags: [ "x_refsource_MISC", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", }, { name: "21442", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21442", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-6178", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2006-4852", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/4852", }, { name: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", refsource: "MISC", url: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", }, { name: "21442", refsource: "BID", url: "http://www.securityfocus.com/bid/21442", }, { name: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", refsource: "CONFIRM", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-6178", datePublished: "2006-11-30T23:00:00", dateReserved: "2006-11-30T00:00:00", dateUpdated: "2024-08-07T20:19:35.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0533
Vulnerability from cvelistv5
Published
2005-02-24 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013290 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1013289 | vdb-entry, x_refsource_SECTRACK | |
| http://xforce.iss.net/xforce/alerts/id/189 | third-party-advisory, x_refsource_ISS | |
| http://secunia.com/advisories/14396 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/12643 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:13:54.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", }, { name: "1013290", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013290", }, { name: "1013289", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013289", }, { name: "20050224 Trend Micro AntiVirus Library Heap Overflow", tags: [ "third-party-advisory", "x_refsource_ISS", "x_transferred", ], url: "http://xforce.iss.net/xforce/alerts/id/189", }, { name: "14396", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14396", }, { name: "12643", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12643", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-24T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-02-28T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", }, { name: "1013290", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013290", }, { name: "1013289", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013289", }, { name: "20050224 Trend Micro AntiVirus Library Heap Overflow", tags: [ "third-party-advisory", "x_refsource_ISS", ], url: "http://xforce.iss.net/xforce/alerts/id/189", }, { name: "14396", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14396", }, { name: "12643", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12643", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0533", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", refsource: "CONFIRM", url: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", }, { name: "1013290", refsource: "SECTRACK", url: "http://securitytracker.com/id?1013290", }, { name: "1013289", refsource: "SECTRACK", url: "http://securitytracker.com/id?1013289", }, { name: "20050224 Trend Micro AntiVirus Library Heap Overflow", refsource: "ISS", url: "http://xforce.iss.net/xforce/alerts/id/189", }, { name: "14396", refsource: "SECUNIA", url: "http://secunia.com/advisories/14396", }, { name: "12643", refsource: "BID", url: "http://www.securityfocus.com/bid/12643", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0533", datePublished: "2005-02-24T05:00:00", dateReserved: "2005-02-24T00:00:00", dateUpdated: "2024-08-07T21:13:54.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-3379
Vulnerability from cvelistv5
Published
2005-10-29 19:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/15189 | vdb-entry, x_refsource_BID | |
| http://www.securityelf.org/magicbyte.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/415173 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityelf.org/magicbyteadv.html | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=113026417802703&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityelf.org/updmagic.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:10:08.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "15189", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15189", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityelf.org/magicbyte.html", }, { name: "20051029 Trend Micro's Response to the Magic Byte Bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/415173", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityelf.org/magicbyteadv.html", }, { name: "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=113026417802703&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityelf.org/updmagic.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-10-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-19T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "15189", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15189", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityelf.org/magicbyte.html", }, { name: "20051029 Trend Micro's Response to the Magic Byte Bug", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/415173", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityelf.org/magicbyteadv.html", }, { name: "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=113026417802703&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityelf.org/updmagic.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-3379", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "15189", refsource: "BID", url: "http://www.securityfocus.com/bid/15189", }, { name: "http://www.securityelf.org/magicbyte.html", refsource: "MISC", url: "http://www.securityelf.org/magicbyte.html", }, { name: "20051029 Trend Micro's Response to the Magic Byte Bug", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/415173", }, { name: "http://www.securityelf.org/magicbyteadv.html", refsource: "MISC", url: "http://www.securityelf.org/magicbyteadv.html", }, { name: "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=113026417802703&w=2", }, { name: "http://www.securityelf.org/updmagic.html", refsource: "MISC", url: "http://www.securityelf.org/updmagic.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-3379", datePublished: "2005-10-29T19:00:00", dateReserved: "2005-10-29T00:00:00", dateUpdated: "2024-08-07T23:10:08.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-1381
Vulnerability from cvelistv5
Published
2006-03-24 11:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25415 | vdb-entry, x_refsource_XF | |
| http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2006/1041 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/11576 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:12:21.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "imss-isntsmtp-directory-permissions(25415)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", }, { name: "ADV-2006-1041", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/1041", }, { name: "11576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11576", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-03-15T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "imss-isntsmtp-directory-permissions(25415)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415", }, { tags: [ "x_refsource_MISC", ], url: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", }, { name: "ADV-2006-1041", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/1041", }, { name: "11576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11576", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-1381", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "imss-isntsmtp-directory-permissions(25415)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415", }, { name: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", refsource: "MISC", url: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", }, { name: "ADV-2006-1041", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/1041", }, { name: "11576", refsource: "SECUNIA", url: "http://secunia.com/advisories/11576", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-1381", datePublished: "2006-03-24T11:00:00", dateReserved: "2006-03-24T00:00:00", dateUpdated: "2024-08-07T17:12:21.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3865
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021615 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/secunia_research/2008-42/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48107 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4937 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1021614 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021614", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021614", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3865", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1021615", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021615", }, { name: "http://secunia.com/secunia_research/2008-42/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-42/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-bo(48107)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "4937", refsource: "SREASON", url: "http://securityreason.com/securityalert/4937", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, { name: "1021614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021614", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3865", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0204
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com | mailing-list, x_refsource_BUGTRAQ | |
| http://www.antivirus.com/download/ofce_patch_35.htm | x_refsource_MISC | |
| http://www.securityfocus.com/bid/1013 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:05:54.122Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20000226 DOS in Trendmicro OfficeScan", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-02-26T00:00:00", descriptions: [ { lang: "en", value: "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-21T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20000226 DOS in Trendmicro OfficeScan", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1013", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0204", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20000226 DOS in Trendmicro OfficeScan", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com", }, { name: "http://www.antivirus.com/download/ofce_patch_35.htm", refsource: "MISC", url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", refsource: "BID", url: "http://www.securityfocus.com/bid/1013", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0204", datePublished: "2000-03-22T05:00:00", dateReserved: "2000-03-22T00:00:00", dateUpdated: "2024-08-08T05:05:54.122Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0851
Vulnerability from cvelistv5
Published
2007-02-08 18:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:34:21.122Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1017601", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017601", }, { name: "22449", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22449", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", }, { name: "1017603", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017603", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.jpcert.or.jp/at/2007/at070004.txt", }, { name: "24087", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24087", }, { name: "33038", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/33038", }, { name: "ADV-2007-0522", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0522", }, { name: "JVN#77366274", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/jp/JVN%2377366274/index.html", }, { name: "VU#276432", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/276432", }, { name: "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470", }, { name: "antivirus-upx-bo(32352)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352", }, { name: "ADV-2007-0569", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0569", }, { name: "1017602", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017602", }, { name: "24128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24128", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-08T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1017601", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017601", }, { name: "22449", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22449", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", }, { name: "1017603", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017603", }, { tags: [ "x_refsource_MISC", ], url: "http://www.jpcert.or.jp/at/2007/at070004.txt", }, { name: "24087", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24087", }, { name: "33038", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/33038", }, { name: "ADV-2007-0522", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0522", }, { name: "JVN#77366274", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/jp/JVN%2377366274/index.html", }, { name: "VU#276432", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/276432", }, { name: "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470", }, { name: "antivirus-upx-bo(32352)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352", }, { name: "ADV-2007-0569", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0569", }, { name: "1017602", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017602", }, { name: "24128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24128", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0851", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1017601", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017601", }, { name: "22449", refsource: "BID", url: "http://www.securityfocus.com/bid/22449", }, { name: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", refsource: "CONFIRM", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", }, { name: "1017603", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017603", }, { name: "http://www.jpcert.or.jp/at/2007/at070004.txt", refsource: "MISC", url: "http://www.jpcert.or.jp/at/2007/at070004.txt", }, { name: "24087", refsource: "SECUNIA", url: "http://secunia.com/advisories/24087", }, { name: "33038", refsource: "OSVDB", url: "http://osvdb.org/33038", }, { name: "ADV-2007-0522", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0522", }, { name: "JVN#77366274", refsource: "JVN", url: "http://jvn.jp/jp/JVN%2377366274/index.html", }, { name: "VU#276432", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/276432", }, { name: "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability", refsource: "IDEFENSE", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470", }, { name: "antivirus-upx-bo(32352)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352", }, { name: "ADV-2007-0569", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0569", }, { name: "1017602", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017602", }, { name: "24128", refsource: "SECUNIA", url: "http://secunia.com/advisories/24128", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0851", datePublished: "2007-02-08T18:00:00", dateReserved: "2007-02-08T00:00:00", dateUpdated: "2024-08-07T12:34:21.122Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-2430
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
EPSS score ?
Summary
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6840 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10503 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16375 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/11806 | third-party-advisory, x_refsource_SECUNIA | |
| http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:29:12.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "6840", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/6840", }, { name: "10503", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10503", }, { name: "officescan-service-gain-privileges(16375)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375", }, { name: "20040609 Trend Officescan local privilege escalation", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html", }, { name: "11806", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11806", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-06-09T00:00:00", descriptions: [ { lang: "en", value: "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "6840", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/6840", }, { name: "10503", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10503", }, { name: "officescan-service-gain-privileges(16375)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375", }, { name: "20040609 Trend Officescan local privilege escalation", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html", }, { name: "11806", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11806", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-2430", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "6840", refsource: "OSVDB", url: "http://www.osvdb.org/6840", }, { name: "10503", refsource: "BID", url: "http://www.securityfocus.com/bid/10503", }, { name: "officescan-service-gain-privileges(16375)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375", }, { name: "20040609 Trend Officescan local privilege escalation", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html", }, { name: "11806", refsource: "SECUNIA", url: "http://secunia.com/advisories/11806", }, { name: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", refsource: "CONFIRM", url: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-2430", datePublished: "2005-08-18T04:00:00", dateReserved: "2005-08-18T00:00:00", dateUpdated: "2024-08-08T01:29:12.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4403
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31531 | vdb-entry, x_refsource_BID | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32097 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1020974 | vdb-entry, x_refsource_SECTRACK | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2712 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45599 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:17:09.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32097", }, { name: "1020974", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020974", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, { name: "trendmicro-officescan-cgi-unspecified-bo(45599)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-02T00:00:00", descriptions: [ { lang: "en", value: "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32097", }, { name: "1020974", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020974", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, { name: "trendmicro-officescan-cgi-unspecified-bo(45599)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31531", refsource: "BID", url: "http://www.securityfocus.com/bid/31531", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", refsource: "SECUNIA", url: "http://secunia.com/advisories/32097", }, { name: "1020974", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020974", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2712", }, { name: "trendmicro-officescan-cgi-unspecified-bo(45599)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4403", datePublished: "2008-10-03T15:00:00", dateReserved: "2008-10-03T00:00:00", dateUpdated: "2024-08-07T10:17:09.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-2006
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108395366909344&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10300 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16092 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11576 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/5990 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:15:01.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20040507 Security issue with Trend OfficeScan Corporate Edition", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=108395366909344&w=2", }, { name: "10300", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/10300", }, { name: "officescan-configuration-modify(16092)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092", }, { name: "11576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/11576", }, { name: "5990", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/5990", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-05-07T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20040507 Security issue with Trend OfficeScan Corporate Edition", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=108395366909344&w=2", }, { name: "10300", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/10300", }, { name: "officescan-configuration-modify(16092)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092", }, { name: "11576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/11576", }, { name: "5990", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/5990", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-2006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20040507 Security issue with Trend OfficeScan Corporate Edition", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=108395366909344&w=2", }, { name: "10300", refsource: "BID", url: "http://www.securityfocus.com/bid/10300", }, { name: "officescan-configuration-modify(16092)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092", }, { name: "11576", refsource: "SECUNIA", url: "http://secunia.com/advisories/11576", }, { name: "5990", refsource: "OSVDB", url: "http://www.osvdb.org/5990", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-2006", datePublished: "2005-05-10T04:00:00", dateReserved: "2005-05-04T00:00:00", dateUpdated: "2024-08-08T01:15:01.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0205
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com | mailing-list, x_refsource_BUGTRAQ | |
| http://www.antivirus.com/download/ofce_patch_35.htm | x_refsource_MISC | |
| http://www.securityfocus.com/bid/1013 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:05:54.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-03-03T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-21T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1013", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0205", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html", }, { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com", }, { name: "http://www.antivirus.com/download/ofce_patch_35.htm", refsource: "MISC", url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "1013", refsource: "BID", url: "http://www.securityfocus.com/bid/1013", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0205", datePublished: "2000-03-22T05:00:00", dateReserved: "2000-03-22T00:00:00", dateUpdated: "2024-08-08T05:05:54.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-6458
Vulnerability from cvelistv5
Published
2006-12-11 17:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/21509 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/23321 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/4918 | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 | third-party-advisory, x_refsource_IDEFENSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:26:46.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "21509", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21509", }, { name: "23321", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/23321", }, { name: "ADV-2006-4918", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4918", }, { name: "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-12-08T00:00:00", descriptions: [ { lang: "en", value: "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-12-16T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "21509", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21509", }, { name: "23321", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/23321", }, { name: "ADV-2006-4918", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4918", }, { name: "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-6458", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "21509", refsource: "BID", url: "http://www.securityfocus.com/bid/21509", }, { name: "23321", refsource: "SECUNIA", url: "http://secunia.com/advisories/23321", }, { name: "ADV-2006-4918", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/4918", }, { name: "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", refsource: "IDEFENSE", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-6458", datePublished: "2006-12-11T17:00:00", dateReserved: "2006-12-11T00:00:00", dateUpdated: "2024-08-07T20:26:46.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-3454
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/24641 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36629 | vdb-entry, x_refsource_OSVDB | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35051 | vdb-entry, x_refsource_XF | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559 | third-party-advisory, x_refsource_IDEFENSE | |
| http://securitytracker.com/id?1018320 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/2330 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25778 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:21:35.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "24641", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/24641", }, { name: "36629", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/36629", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "officescan-cgiocommon-bo(35051)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051", }, { name: "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559", }, { name: "1018320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1018320", }, { name: "ADV-2007-2330", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25778", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-06-26T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "24641", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/24641", }, { name: "36629", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/36629", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "officescan-cgiocommon-bo(35051)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051", }, { name: "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559", }, { name: "1018320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1018320", }, { name: "ADV-2007-2330", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25778", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-3454", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "24641", refsource: "BID", url: "http://www.securityfocus.com/bid/24641", }, { name: "36629", refsource: "OSVDB", url: "http://osvdb.org/36629", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "officescan-cgiocommon-bo(35051)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051", }, { name: "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability", refsource: "IDEFENSE", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559", }, { name: "1018320", refsource: "SECTRACK", url: "http://securitytracker.com/id?1018320", }, { name: "ADV-2007-2330", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", refsource: "SECUNIA", url: "http://secunia.com/advisories/25778", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-3454", datePublished: "2007-06-27T00:00:00", dateReserved: "2007-06-26T00:00:00", dateUpdated: "2024-08-07T14:21:35.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1151
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7286 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/220666 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:08.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/220666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-08-22T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-18T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/220666", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", refsource: "MISC", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/220666", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1151", datePublished: "2002-03-15T05:00:00", dateReserved: "2002-03-15T00:00:00", dateUpdated: "2024-08-08T04:44:08.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-5157
Vulnerability from cvelistv5
Published
2006-10-03 23:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.layereddefense.com/TREND01OCT.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2006/3870 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29308 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1016963 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/788860 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/20284 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/447498/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/1682 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/22224 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T19:41:05.552Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.layereddefense.com/TREND01OCT.html", }, { name: "ADV-2006-3870", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3870", }, { name: "officescan-atxconsole-format-string(29308)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308", }, { name: "1016963", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1016963", }, { name: "VU#788860", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/788860", }, { name: "20284", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20284", }, { name: "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/447498/100/0/threaded", }, { name: "1682", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/1682", }, { name: "22224", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22224", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-10-01T00:00:00", descriptions: [ { lang: "en", value: "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console's Remote Client Install name search\".", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-17T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.layereddefense.com/TREND01OCT.html", }, { name: "ADV-2006-3870", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3870", }, { name: "officescan-atxconsole-format-string(29308)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308", }, { name: "1016963", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1016963", }, { name: "VU#788860", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/788860", }, { name: "20284", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20284", }, { name: "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/447498/100/0/threaded", }, { name: "1682", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/1682", }, { name: "22224", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22224", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-5157", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console's Remote Client Install name search\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.layereddefense.com/TREND01OCT.html", refsource: "MISC", url: "http://www.layereddefense.com/TREND01OCT.html", }, { name: "ADV-2006-3870", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/3870", }, { name: "officescan-atxconsole-format-string(29308)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308", }, { name: "1016963", refsource: "SECTRACK", url: "http://securitytracker.com/id?1016963", }, { name: "VU#788860", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/788860", }, { name: "20284", refsource: "BID", url: "http://www.securityfocus.com/bid/20284", }, { name: "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/447498/100/0/threaded", }, { name: "1682", refsource: "SREASON", url: "http://securityreason.com/securityalert/1682", }, { name: "22224", refsource: "SECUNIA", url: "http://secunia.com/advisories/22224", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-5157", datePublished: "2006-10-03T23:00:00", dateReserved: "2006-10-03T00:00:00", dateUpdated: "2024-08-07T19:41:05.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-6179
Vulnerability from cvelistv5
Published
2006-11-30 23:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/4852 | vdb-entry, x_refsource_VUPEN | |
| http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/21442 | vdb-entry, x_refsource_BID | |
| http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:19:34.929Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2006-4852", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/4852", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", }, { name: "21442", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21442", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-06-29T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-12-08T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2006-4852", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/4852", }, { tags: [ "x_refsource_MISC", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", }, { name: "21442", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21442", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-6179", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2006-4852", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/4852", }, { name: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", refsource: "MISC", url: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", }, { name: "21442", refsource: "BID", url: "http://www.securityfocus.com/bid/21442", }, { name: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", refsource: "CONFIRM", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-6179", datePublished: "2006-11-30T23:00:00", dateReserved: "2006-11-30T00:00:00", dateUpdated: "2024-08-07T20:19:34.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2000-0203
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com | mailing-list, x_refsource_BUGTRAQ | |
| http://www.antivirus.com/download/ofce_patch_35.htm | x_refsource_MISC | |
| http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1013 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T05:05:54.109Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/1013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2000-02-25T00:00:00", descriptions: [ { lang: "en", value: "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-21T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { tags: [ "x_refsource_MISC", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it", }, { name: "1013", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/1013", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2000-0203", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20000315 Trend Micro release patch for \"OfficeScan DoS & Message Replay\" V ulnerabilies", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com", }, { name: "http://www.antivirus.com/download/ofce_patch_35.htm", refsource: "MISC", url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { name: "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D@srvnt04.previnet.it", }, { name: "1013", refsource: "BID", url: "http://www.securityfocus.com/bid/1013", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2000-0203", datePublished: "2000-03-22T05:00:00", dateReserved: "2000-03-22T00:00:00", dateUpdated: "2024-08-08T05:05:54.109Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3364
Vulnerability from cvelistv5
Published
2008-07-30 16:03
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31440 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2220/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/30407 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/31277 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44042 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1020569 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/6152 | exploit, x_refsource_EXPLOIT-DB | |
| http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899 | x_refsource_CONFIRM | |
| http://securityreason.com/securityalert/4061 | third-party-advisory, x_refsource_SREASON |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:37:26.881Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31440", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31440", }, { name: "ADV-2008-2220", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2220/references", }, { name: "30407", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30407", }, { name: "31277", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31277", }, { name: "trendmicro-officescan-objremovectrl-bo(44042)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042", }, { name: "1020569", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020569", }, { name: "6152", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/6152", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", }, { name: "4061", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4061", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-28T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31440", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31440", }, { name: "ADV-2008-2220", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2220/references", }, { name: "30407", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30407", }, { name: "31277", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31277", }, { name: "trendmicro-officescan-objremovectrl-bo(44042)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042", }, { name: "1020569", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020569", }, { name: "6152", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/6152", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", }, { name: "4061", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4061", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3364", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31440", refsource: "SECUNIA", url: "http://secunia.com/advisories/31440", }, { name: "ADV-2008-2220", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2220/references", }, { name: "30407", refsource: "BID", url: "http://www.securityfocus.com/bid/30407", }, { name: "31277", refsource: "SECUNIA", url: "http://secunia.com/advisories/31277", }, { name: "trendmicro-officescan-objremovectrl-bo(44042)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042", }, { name: "1020569", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020569", }, { name: "6152", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/6152", }, { name: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", refsource: "CONFIRM", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", }, { name: "4061", refsource: "SREASON", url: "http://securityreason.com/securityalert/4061", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3364", datePublished: "2008-07-30T16:03:00", dateReserved: "2008-07-30T00:00:00", dateUpdated: "2024-08-07T09:37:26.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4402
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31531 | vdb-entry, x_refsource_BID | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45608 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/32097 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1020974 | vdb-entry, x_refsource_SECTRACK | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2712 | vdb-entry, x_refsource_VUPEN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:17:09.820Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "trendmicro-officescan-cgi-dos(45608)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32097", }, { name: "1020974", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020974", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-02T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "trendmicro-officescan-cgi-dos(45608)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32097", }, { name: "1020974", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020974", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4402", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31531", refsource: "BID", url: "http://www.securityfocus.com/bid/31531", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "trendmicro-officescan-cgi-dos(45608)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608", }, { name: "32097", refsource: "SECUNIA", url: "http://secunia.com/advisories/32097", }, { name: "1020974", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020974", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "ADV-2008-2712", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2712", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4402", datePublished: "2008-10-03T15:00:00", dateReserved: "2008-10-03T00:00:00", dateUpdated: "2024-08-07T10:17:09.820Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2439
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:58:02.308Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-2711", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2711", }, { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", }, { name: "1020975", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020975", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32097", }, { name: "trendmicro-tmlisten-directory-traversal(45597)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/496970/100/0/threaded", }, { name: "31343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31343", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-39/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-02T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "ADV-2008-2711", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2711", }, { name: "31531", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", }, { name: "1020975", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020975", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32097", }, { name: "trendmicro-tmlisten-directory-traversal(45597)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/496970/100/0/threaded", }, { name: "31343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31343", }, { name: "ADV-2008-2712", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2712", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-39/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-2439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-2711", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2711", }, { name: "31531", refsource: "BID", url: "http://www.securityfocus.com/bid/31531", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", }, { name: "1020975", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020975", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { name: "32097", refsource: "SECUNIA", url: "http://secunia.com/advisories/32097", }, { name: "trendmicro-tmlisten-directory-traversal(45597)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { name: "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/496970/100/0/threaded", }, { name: "31343", refsource: "SECUNIA", url: "http://secunia.com/advisories/31343", }, { name: "ADV-2008-2712", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2712", }, { name: "http://secunia.com/secunia_research/2008-39/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-39/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-2439", datePublished: "2008-10-03T15:00:00", dateReserved: "2008-05-27T00:00:00", dateUpdated: "2024-08-07T08:58:02.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-5212
Vulnerability from cvelistv5
Published
2006-10-09 21:00
Modified
2024-08-07 19:41
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/20330 | vdb-entry, x_refsource_BID | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt | x_refsource_CONFIRM | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt | x_refsource_CONFIRM | |
| http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/3882 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/22156 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.trendmicro.com/download/product.asp?productid=5 | x_refsource_CONFIRM | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T19:41:04.630Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20330", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/20330", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", }, { name: "ADV-2006-3882", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/3882", }, { name: "22156", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/22156", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/download/product.asp?productid=5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-04-21T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-02-26T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20330", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/20330", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", }, { name: "ADV-2006-3882", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/3882", }, { name: "22156", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/22156", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/download/product.asp?productid=5", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-5212", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20330", refsource: "BID", url: "http://www.securityfocus.com/bid/20330", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", }, { name: "ADV-2006-3882", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/3882", }, { name: "22156", refsource: "SECUNIA", url: "http://secunia.com/advisories/22156", }, { name: "http://www.trendmicro.com/download/product.asp?productid=5", refsource: "CONFIRM", url: "http://www.trendmicro.com/download/product.asp?productid=5", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-5212", datePublished: "2006-10-09T21:00:00", dateReserved: "2006-10-09T00:00:00", dateUpdated: "2024-08-07T19:41:04.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1150
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/7014.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/210087 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/209375 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3216 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:08.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "officescan-iuser-read-files(7014)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3216", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-08-22T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-03-22T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "officescan-iuser-read-files(7014)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3216", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "officescan-iuser-read-files(7014)", refsource: "XF", url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", refsource: "BID", url: "http://www.securityfocus.com/bid/3216", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1150", datePublished: "2002-03-15T05:00:00", dateReserved: "2002-03-15T00:00:00", dateUpdated: "2024-08-08T04:44:08.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2437
Vulnerability from cvelistv5
Published
2008-09-16 22:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:58:02.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", }, { name: "4263", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4263", }, { name: "ADV-2008-2555", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2555", }, { name: "trendmicro-cgirecvfile-bo(45072)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072", }, { name: "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/496281/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", }, { name: "31342", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31342", }, { name: "31139", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31139", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-35/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", }, { name: "1020860", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020860", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-09-12T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", }, { name: "4263", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4263", }, { name: "ADV-2008-2555", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2555", }, { name: "trendmicro-cgirecvfile-bo(45072)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072", }, { name: "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/496281/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", }, { name: "31342", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31342", }, { name: "31139", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31139", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-35/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", }, { name: "1020860", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020860", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-2437", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", }, { name: "4263", refsource: "SREASON", url: "http://securityreason.com/securityalert/4263", }, { name: "ADV-2008-2555", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2555", }, { name: "trendmicro-cgirecvfile-bo(45072)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072", }, { name: "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/496281/100/0/threaded", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", }, { name: "31342", refsource: "SECUNIA", url: "http://secunia.com/advisories/31342", }, { name: "31139", refsource: "BID", url: "http://www.securityfocus.com/bid/31139", }, { name: "http://secunia.com/secunia_research/2008-35/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-35/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", }, { name: "1020860", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020860", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-2437", datePublished: "2008-09-16T22:00:00", dateReserved: "2008-05-27T00:00:00", dateUpdated: "2024-08-07T08:58:02.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-3455
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/24641 | vdb-entry, x_refsource_BID | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24935 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36628 | vdb-entry, x_refsource_OSVDB | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.vupen.com/english/advisories/2007/2330 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25778 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1018320 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35052 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T14:21:36.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "24641", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/24641", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "24935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/24935", }, { name: "36628", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/36628", }, { name: "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", }, { name: "ADV-2007-2330", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25778", }, { name: "1018320", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018320", }, { name: "officescan-cgichkmasterpwd-security-bypass(35052)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-06-26T00:00:00", descriptions: [ { lang: "en", value: "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "24641", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/24641", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "24935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/24935", }, { name: "36628", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/36628", }, { name: "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", }, { name: "ADV-2007-2330", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25778", }, { name: "1018320", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018320", }, { name: "officescan-cgichkmasterpwd-security-bypass(35052)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-3455", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "24641", refsource: "BID", url: "http://www.securityfocus.com/bid/24641", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { name: "24935", refsource: "BID", url: "http://www.securityfocus.com/bid/24935", }, { name: "36628", refsource: "OSVDB", url: "http://osvdb.org/36628", }, { name: "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability", refsource: "IDEFENSE", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", }, { name: "ADV-2007-2330", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/2330", }, { name: "25778", refsource: "SECUNIA", url: "http://secunia.com/advisories/25778", }, { name: "1018320", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1018320", }, { name: "officescan-cgichkmasterpwd-security-bypass(35052)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-3455", datePublished: "2007-06-27T00:00:00", dateReserved: "2007-06-26T00:00:00", dateUpdated: "2024-08-07T14:21:36.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3866
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/secunia_research/2008-43/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_MISC | |
| http://www.securitytracker.com/id?1021616 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1021617 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-43/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-43/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3866", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secunia.com/secunia_research/2008-43/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-43/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "MISC", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "1021616", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021616", }, { name: "nsc-tmpfw-security-bypass(48108)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { name: "1021617", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021617", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3866", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3864
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021615 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/secunia_research/2008-42/ | x_refsource_MISC | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48106 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/33358 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/0191 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33609 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4937 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/31160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1021614 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021614", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-20T00:00:00", descriptions: [ { lang: "en", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "1021615", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021615", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-42/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33609", }, { name: "4937", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4937", }, { name: "31160", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31160", }, { name: "1021614", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021614", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3864", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1021615", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021615", }, { name: "http://secunia.com/secunia_research/2008-42/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-42/", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { name: "tmpfw-apithread-dos(48106)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { name: "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { name: "33358", refsource: "BID", url: "http://www.securityfocus.com/bid/33358", }, { name: "ADV-2009-0191", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0191", }, { name: "33609", refsource: "SECUNIA", url: "http://secunia.com/advisories/33609", }, { name: "4937", refsource: "SREASON", url: "http://securityreason.com/securityalert/4937", }, { name: "31160", refsource: "SECUNIA", url: "http://secunia.com/advisories/31160", }, { name: "1021614", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021614", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3864", datePublished: "2009-01-21T20:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3862
Vulnerability from cvelistv5
Published
2008-10-23 21:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32005 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4489 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/secunia_research/2008-40/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2008/2892 | vdb-entry, x_refsource_VUPEN | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021093 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/31859 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/497650/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", }, { name: "32005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32005", }, { name: "4489", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4489", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://secunia.com/secunia_research/2008-40/", }, { name: "ADV-2008-2892", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2892", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", }, { name: "1021093", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021093", }, { name: "31859", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31859", }, { name: "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/497650/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-22T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", }, { name: "32005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32005", }, { name: "4489", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4489", }, { tags: [ "x_refsource_MISC", ], url: "http://secunia.com/secunia_research/2008-40/", }, { name: "ADV-2008-2892", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2892", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", }, { name: "1021093", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021093", }, { name: "31859", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31859", }, { name: "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/497650/100/0/threaded", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2008-3862", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", }, { name: "32005", refsource: "SECUNIA", url: "http://secunia.com/advisories/32005", }, { name: "4489", refsource: "SREASON", url: "http://securityreason.com/securityalert/4489", }, { name: "http://secunia.com/secunia_research/2008-40/", refsource: "MISC", url: "http://secunia.com/secunia_research/2008-40/", }, { name: "ADV-2008-2892", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2892", }, { name: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", refsource: "CONFIRM", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", }, { name: "1021093", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021093", }, { name: "31859", refsource: "BID", url: "http://www.securityfocus.com/bid/31859", }, { name: "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/497650/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2008-3862", datePublished: "2008-10-23T21:00:00", dateReserved: "2008-08-29T00:00:00", dateUpdated: "2024-08-07T09:53:00.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2024-11-21 00:18
Severity ?
Summary
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 6.0 | |
| trend_micro | officescan | corporate_6.5 | |
| trend_micro | officescan | corporate_7.0 | |
| trend_micro | officescan | corporate_7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:6.0:*:*:*:*:*:*:*", matchCriteriaId: "477D3144-648E-4003-835F-87F63F9248F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*", matchCriteriaId: "3DB43A95-60F8-425A-8434-C07EC799DC68", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_7.0:*:*:*:*:*:*:*", matchCriteriaId: "567D7B70-7FE7-4C4F-8D09-C72E28F04FF8", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*", matchCriteriaId: "78CDE85D-4C4B-42D0-BF64-11E880168A83", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.", }, { lang: "es", value: "Trend Micro OfficeScan 6.0 en Client/Server/Messaging (CSM) Suite para SMB 2.0 anetrior a 6.0.0.1385, y OfficeScan Corporate Edition (OSCE) 6.5 anterior a 6.5.0.1418, 7.0 anterior a 7.0.0.1257, y 7.3 anterior a 7.3.0.1053 permite a atacantes remotos borrar archivos mediante un parámetro de nombre de archivo (filename) modificado en una petición HTTP determinada que invoca al programa CGI de OfficeScan.", }, ], id: "CVE-2006-5212", lastModified: "2024-11-21T00:18:19.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-10-10T04:06:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22156", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/20330", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.trendmicro.com/download/product.asp?productid=5", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/3882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/22156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/20330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/download/product.asp?productid=5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3882", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-10-23 22:00
Modified
2024-11-21 00:50
Severity ?
Summary
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\"", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en el programa CGI en el servidor de Trend Micro OfficeScan 7.3 Patch 4 build 1367 y otras compilaciones anteriores a 1374, y 8.0 SP1 Patch 1 compilaciones anteriores a 3110, permite a atacantes remotos ejecutar código de su elección a través de peticiones HTTP POST que contienen datos de formulario manipulados, relacionado con el \"parseado de peticiones CGI\".", }, ], id: "CVE-2008-3862", lastModified: "2024-11-21T00:50:18.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-23T22:00:01.230", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/32005", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-40/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4489", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/497650/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/bid/31859", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021093", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2008/2892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/32005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-40/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/497650/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31859", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021093", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2892", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_suite_smb:gold:*:windows:*:*:*:*:*", matchCriteriaId: "8C9AAAD5-E973-41CB-B7FD-85D1EA04F6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:client-server_suite_smb:gold:*:windows:*:*:*:*:*", matchCriteriaId: "664CD81D-30AD-450B-A9FF-7C0FC61C938A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:as_400:*:*:*:*:*", matchCriteriaId: "CEEC709C-CE2F-435D-8595-3B7462F5D58A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:s_390:*:*:*:*:*", matchCriteriaId: "416653F7-D8D5-4947-A097-8E1298DD0FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "0416D605-20FC-4C87-8009-C240530A1B13", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:windows:*:*:*:*:*", matchCriteriaId: "4FFD939A-C783-4A02-9859-B823A57F8A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:windows_nt:*:*:*:*:*", matchCriteriaId: "723E2C95-124F-422F-A241-AECA1D5E0D0F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:netware:*:*:*:*:*:*:*", matchCriteriaId: "2A63C770-365B-4EAF-AF4B-1B379F943DF2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.5:*:hp:*:*:*:*:*", matchCriteriaId: "9D2CAA96-4C71-482B-A033-E4AD0814C638", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.5.2:*:windows:*:*:*:*:*", matchCriteriaId: "0DEAD496-BB59-464D-9BBA-29158CF65C35", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:linux:*:*:*:*:*", matchCriteriaId: "8767F042-4333-404A-B7D7-6830B6959890", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:sun:*:*:*:*:*", matchCriteriaId: "C02396DD-CFBF-4019-8AC7-9C41821AF8E2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.51:*:*:*:*:*:*:*", matchCriteriaId: "8DF73278-A5E9-4975-9C0B-DD9413A33FA4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.51_j:*:*:*:*:*:*:*", matchCriteriaId: "A7F86817-D352-452E-B80F-1402C8A76372", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:3.81:*:*:*:*:*:*:*", matchCriteriaId: "4086086F-4F57-4E73-B473-FFF33CD23F6E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5:*:*:*:*:*:*:*", matchCriteriaId: "0F1E2358-2868-4D95-A783-0D7A591A691C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:linux:*:*:*:*:*", matchCriteriaId: "7E8ADD8C-2E58-4671-BECF-B02A5DE04A1E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "4CD5D110-5FA3-4F6C-A727-06A73676EC9A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:windows:*:*:*:*:*", matchCriteriaId: "CD824873-B625-4755-ADC9-C6657CD63208", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:linux:*:*:*:*:*", matchCriteriaId: "E4B9603D-79FE-4E7C-A9F9-E9A24FBBDF3E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:unix:*:*:*:*:*", matchCriteriaId: "475CED59-77F7-4E6B-8DB6-EFFC7F8D5929", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.4:*:windows_nt:*:*:*:*:*", matchCriteriaId: "75734296-9435-4A96-B30C-572BF1BBAD14", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.5:*:windows_nt:*:*:*:*:*", matchCriteriaId: "61C0968D-D8F1-450C-B4E9-94535B4CF637", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:hp_ux:*:*:*:*:*", matchCriteriaId: "106EB780-7455-41F7-ADB0-67C541F6C53F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:solaris:*:*:*:*:*", matchCriteriaId: "A9EB55C4-00FB-4D2F-993D-27269F09CF08", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:unix:*:*:*:*:*", matchCriteriaId: "1D8580C2-B757-4C4C-A9B6-960905101E10", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:windows_nt:*:*:*:*:*", matchCriteriaId: "D9AE5039-8467-48C2-8417-E7B18A48F0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.5:*:linux:*:*:*:*:*", matchCriteriaId: "82425C25-4464-4C69-A7C9-6B7369661E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.51:*:windows_nt:*:*:*:*:*", matchCriteriaId: "15B05F1A-7AA1-46E5-947B-C422F9618F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.52:*:windows_nt:*:*:*:*:*", matchCriteriaId: "EB4F32FC-8391-4B3B-AA42-07E392053A96", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.52_build1466:*:windows_nt:*:*:*:*:*", matchCriteriaId: "1BF5CF24-83B8-4AC3-A849-C56979CB38DE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:5.1:*:windows_nt:*:*:*:*:*", matchCriteriaId: "25D7EFC1-4053-46E9-9081-3BBAB0300C1B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:aix:*:*:*:*:*", matchCriteriaId: "8B678239-DD77-488C-82FE-27D6FC47B94A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:linux_for_smb:*:*:*:*:*", matchCriteriaId: "071EDC78-C902-4D79-8CDF-F5DD30BF7027", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:smb:*:*:*:*:*", matchCriteriaId: "55C6BD67-FE95-43A7-91F7-608DEC79C24A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows:*:*:*:*:*", matchCriteriaId: "29EDFC0F-687B-4B56-8910-67C6E3907483", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows_nt_for_smb:*:*:*:*:*", matchCriteriaId: "5A694256-BD24-4EED-9833-B15DCA874F15", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:linux:*:*:*:*:*", matchCriteriaId: "1DCB7541-8145-47CA-9F4E-4A600CA454EA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "DB8B2F17-7C2B-4782-9492-D967A2AD8B3A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:windows:*:*:*:*:*", matchCriteriaId: "D1E65854-8869-41F7-BAFE-B7545FC98BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:1.2:*:*:*:*:*:*:*", matchCriteriaId: "B1C33920-9BC7-41BC-BB66-723D0BAF2839", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "A73B43D9-A721-4D48-A2D6-48A77355965F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:2.1:*:*:*:*:*:*:*", matchCriteriaId: "F1F3645D-2B7D-44ED-83DE-ABF9016CD0D3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webprotect:gold:*:isa:*:*:*:*:*", matchCriteriaId: "921B617D-F37E-4D10-A627-09F9678790B4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.0:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "093EED07-F4C1-47B2-9D08-3DE0D57D5CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.1.1:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "CBA9F2BA-1274-465C-B723-ABB54CA17FE9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "6F37307A-7847-4D5A-99D8-8A4BE424CD21", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*", matchCriteriaId: "BF74A292-2B1B-43FC-AA82-CFB04D7644E3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "925DA405-9719-452C-8369-D4A60CC916C2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*", matchCriteriaId: "46575AE8-8718-44D8-AF5C-14F7981B3238", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "F893D171-7AB3-4422-BA86-021B0211EE36", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*", matchCriteriaId: "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*", matchCriteriaId: "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*", matchCriteriaId: "BEE87037-D7CC-480B-BBD2-F1802294D4F2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*", matchCriteriaId: "3DB43A95-60F8-425A-8434-C07EC799DC68", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:6.0:*:*:*:*:*:*:*", matchCriteriaId: "ABBAA86F-8DE4-4BC8-B295-89CF981C28D0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*", matchCriteriaId: "9994E64C-0E8C-4A9C-A321-6A73A16E33AF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*", matchCriteriaId: "A65282E0-2332-4CAA-9BA9-3794C2CDE960", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*", matchCriteriaId: "E56D571B-649D-41E2-A502-6C1EBAB73F62", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:portalprotect:1.0:*:*:*:*:*:*:*", matchCriteriaId: "C991F564-93D1-4E63-8B71-B0C9CD9BECA4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:2.6:*:domino:*:*:*:*:*", matchCriteriaId: "195D657C-4A4B-4832-B1A6-056FB990401E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:2.51:*:domino:*:*:*:*:*", matchCriteriaId: "929BCF43-AC3A-43D0-8819-7673996D216D", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:3.8:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "3BFF861D-F544-4902-A958-BE566FB85738", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:3.81:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "3B282BE2-8116-48A7-B6D6-544983FF72C6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:6.1:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "C81AFD13-0883-48F5-BD6B-707CFFE07262", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_aix:*:*:*:*:*", matchCriteriaId: "B4963C96-FA13-4E54-8EE3-8E169CACBF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_as_400:*:*:*:*:*", matchCriteriaId: "C3E0300A-27F7-47C1-B725-55FF0BE92FF9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_s_390:*:*:*:*:*", matchCriteriaId: "FF365F03-F95C-4047-BBA4-42EBD02E823B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_solaris:*:*:*:*:*", matchCriteriaId: "A2042D38-CF77-4149-9289-B3380F59D794", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_windows:*:*:*:*:*", matchCriteriaId: "D275C0DB-E942-4EB9-B6AA-3112C1A697DA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail_emanager:*:*:*:*:*:*:*:*", matchCriteriaId: "E4CE79B6-B9E8-4775-B7BF-90C2758EECE0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:1.3:*:linux:*:*:*:*:*", matchCriteriaId: "FB28FE16-F163-4287-9A4E-843C2E67792E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*", matchCriteriaId: "6E8704FA-AA3C-4664-A5AA-50F60AE77642", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:2.5:*:linux:*:*:*:*:*", matchCriteriaId: "BEDB64E2-6157-47C1-842E-26A40A885ECD", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "38695C1D-DC51-45EB-9EEB-6E04490AFE6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.", }, ], id: "CVE-2005-0533", lastModified: "2024-11-20T23:55:21.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14396", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013289", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013290", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/12643", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://xforce.iss.net/xforce/alerts/id/189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/14396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1013290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/12643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://xforce.iss.net/xforce/alerts/id/189", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-02-08 18:28
Modified
2024-11-21 00:26
Severity ?
Summary
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_suite_smb:gold:*:windows:*:*:*:*:*", matchCriteriaId: "8C9AAAD5-E973-41CB-B7FD-85D1EA04F6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:client-server_suite_smb:gold:*:windows:*:*:*:*:*", matchCriteriaId: "664CD81D-30AD-450B-A9FF-7C0FC61C938A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "068639F9-89E0-4B19-9E24-550087080419", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*", matchCriteriaId: "4801FB64-FFC4-4167-9855-69EB8A424EE6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:as_400:*:*:*:*:*", matchCriteriaId: "CEEC709C-CE2F-435D-8595-3B7462F5D58A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:s_390:*:*:*:*:*", matchCriteriaId: "416653F7-D8D5-4947-A097-8E1298DD0FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "0416D605-20FC-4C87-8009-C240530A1B13", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:windows:*:*:*:*:*", matchCriteriaId: "4FFD939A-C783-4A02-9859-B823A57F8A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:gold:*:windows_nt:*:*:*:*:*", matchCriteriaId: "723E2C95-124F-422F-A241-AECA1D5E0D0F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:control_manager:netware:*:*:*:*:*:*:*", matchCriteriaId: "2A63C770-365B-4EAF-AF4B-1B379F943DF2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.5:*:hp:*:*:*:*:*", matchCriteriaId: "9D2CAA96-4C71-482B-A033-E4AD0814C638", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.5.2:*:windows:*:*:*:*:*", matchCriteriaId: "0DEAD496-BB59-464D-9BBA-29158CF65C35", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:linux:*:*:*:*:*", matchCriteriaId: "8767F042-4333-404A-B7D7-6830B6959890", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:sun:*:*:*:*:*", matchCriteriaId: "C02396DD-CFBF-4019-8AC7-9C41821AF8E2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.51:*:*:*:*:*:*:*", matchCriteriaId: "8DF73278-A5E9-4975-9C0B-DD9413A33FA4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_emanager:3.51_j:*:*:*:*:*:*:*", matchCriteriaId: "A7F86817-D352-452E-B80F-1402C8A76372", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:*:*:linux_5.1.1:*:*:*:*:*", matchCriteriaId: "0D03DBA4-3F2D-433A-8D17-01B4D7E16EE6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:3.81:*:*:*:*:*:*:*", matchCriteriaId: "4086086F-4F57-4E73-B473-FFF33CD23F6E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5:*:*:*:*:*:*:*", matchCriteriaId: "0F1E2358-2868-4D95-A783-0D7A591A691C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5_build_1183:*:*:*:*:*:*:*", matchCriteriaId: "E4587F87-E033-4636-9B61-18D1A7AA54D5", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:linux:*:*:*:*:*", matchCriteriaId: "7E8ADD8C-2E58-4671-BECF-B02A5DE04A1E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "4CD5D110-5FA3-4F6C-A727-06A73676EC9A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:windows:*:*:*:*:*", matchCriteriaId: "CD824873-B625-4755-ADC9-C6657CD63208", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:linux:*:*:*:*:*", matchCriteriaId: "E4B9603D-79FE-4E7C-A9F9-E9A24FBBDF3E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:unix:*:*:*:*:*", matchCriteriaId: "475CED59-77F7-4E6B-8DB6-EFFC7F8D5929", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.1.0:*:linux:*:*:*:*:*", matchCriteriaId: "29DA2B3D-D055-4328-8AD3-B5B407B17328", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D948171A-3B54-462A-8B2E-2C0266A37E94", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.3:*:*:*:*:*:*:*", matchCriteriaId: "7A9D4E2E-889B-4233-8887-9CF00A5023A7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:*:*:*:*:*:*", matchCriteriaId: "F35126E8-F926-4C0B-B37F-AFE78DD2526F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:hp_ux:*:*:*:*:*", matchCriteriaId: "106EB780-7455-41F7-ADB0-67C541F6C53F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:solaris:*:*:*:*:*", matchCriteriaId: "A9EB55C4-00FB-4D2F-993D-27269F09CF08", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:windows_nt:*:*:*:*:*", matchCriteriaId: "D9AE5039-8467-48C2-8417-E7B18A48F0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.0_build_1182:*:*:*:*:*:*:*", matchCriteriaId: "DA820000-7608-4E3B-A05D-0C3CFC35227C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.0_build1166:*:*:*:*:*:*:*", matchCriteriaId: "20349641-1EAD-4401-996F-15C131574F0D", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.5:*:linux:*:*:*:*:*", matchCriteriaId: "82425C25-4464-4C69-A7C9-6B7369661E3B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.7.0:*:*:*:*:*:*:*", matchCriteriaId: "0AA147F1-224C-4230-9831-5EB153748793", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.7.0_build1190:*:*:*:*:*:*:*", matchCriteriaId: "E2417050-7F5A-4702-A6F5-DFEFE96CCD78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.8.0_build1130:*:*:*:*:*:*:*", matchCriteriaId: "5B9F63FB-7B5F-49AF-BC84-B3250A08720A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.32:*:*:*:*:*:*:*", matchCriteriaId: "2F72A6DE-BA1B-4907-B19D-D71B172BB249", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:3.81:*:linux:*:*:*:*:*", matchCriteriaId: "37ECAEF4-8A0D-4B90-8E4A-62BA72DAA702", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:5.1:*:windows_nt:*:*:*:*:*", matchCriteriaId: "25D7EFC1-4053-46E9-9081-3BBAB0300C1B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:aix:*:*:*:*:*", matchCriteriaId: "8B678239-DD77-488C-82FE-27D6FC47B94A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:linux_for_smb:*:*:*:*:*", matchCriteriaId: "071EDC78-C902-4D79-8CDF-F5DD30BF7027", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:smb:*:*:*:*:*", matchCriteriaId: "55C6BD67-FE95-43A7-91F7-608DEC79C24A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows:*:*:*:*:*", matchCriteriaId: "29EDFC0F-687B-4B56-8910-67C6E3907483", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows_nt_for_smb:*:*:*:*:*", matchCriteriaId: "5A694256-BD24-4EED-9833-B15DCA874F15", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.4:*:*:*:*:*:*:*", matchCriteriaId: "2F81C82F-4997-4D4E-981B-F1601A8AD281", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.5:*:*:*:*:*:*:*", matchCriteriaId: "ED3120FB-140A-458B-8926-7FE3593331FA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.6:*:*:*:*:*:*:*", matchCriteriaId: "B9239FE6-7FE3-4013-8E73-DE648F24EFEA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.51:*:*:*:*:*:*:*", matchCriteriaId: "12023885-3D72-4CE4-B60F-F91EEE0C9153", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.52:*:*:*:*:*:*:*", matchCriteriaId: "0B132F48-3C0D-4DC9-9255-BB2D1CEBF855", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.52_build1466:*:*:*:*:*:*:*", matchCriteriaId: "772DC29B-9C2C-4446-9352-6707E6B6F08F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D3079D9E-853D-46D3-92E8-E125CC800DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_viruswall_scan_engine:7.510.0-1002:*:*:*:*:*:*:*", matchCriteriaId: "D5ADC38A-3C58-42B3-9396-0D7B14EA0B59", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:*:*:linux:*:*:*:*:*", matchCriteriaId: "1DC6D16A-3D1C-4AA6-B039-BFF5BEE64693", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:*:*:linux_1.0.0_ja:*:*:*:*:*", matchCriteriaId: "110A575E-761B-4DD7-B4BE-B9AD22C85213", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:linux:*:*:*:*:*", matchCriteriaId: "1DCB7541-8145-47CA-9F4E-4A600CA454EA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:solaris:*:*:*:*:*", matchCriteriaId: "DB8B2F17-7C2B-4782-9492-D967A2AD8B3A", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:windows:*:*:*:*:*", matchCriteriaId: "D1E65854-8869-41F7-BAFE-B7545FC98BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:1.2:*:*:*:*:*:*:*", matchCriteriaId: "B1C33920-9BC7-41BC-BB66-723D0BAF2839", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:2.0:*:*:*:*:*:*:*", matchCriteriaId: "A73B43D9-A721-4D48-A2D6-48A77355965F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webmanager:2.1:*:*:*:*:*:*:*", matchCriteriaId: "F1F3645D-2B7D-44ED-83DE-ABF9016CD0D3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:interscan_webprotect:gold:*:isa:*:*:*:*:*", matchCriteriaId: "921B617D-F37E-4D10-A627-09F9678790B4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:4.5.0:*:microsof_sbs:*:*:*:*:*", matchCriteriaId: "11302ED5-C1AB-40D0-B019-A85C43E362D3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.0:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "093EED07-F4C1-47B2-9D08-3DE0D57D5CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.1.1:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "CBA9F2BA-1274-465C-B723-ABB54CA17FE9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "6F37307A-7847-4D5A-99D8-8A4BE424CD21", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*", matchCriteriaId: "BF74A292-2B1B-43FC-AA82-CFB04D7644E3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "925DA405-9719-452C-8369-D4A60CC916C2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*", matchCriteriaId: "46575AE8-8718-44D8-AF5C-14F7981B3238", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:windows_nt_server:*:*:*:*:*", matchCriteriaId: "F893D171-7AB3-4422-BA86-021B0211EE36", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*", matchCriteriaId: "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*", matchCriteriaId: "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*", matchCriteriaId: "BEE87037-D7CC-480B-BBD2-F1802294D4F2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*", matchCriteriaId: "3DB43A95-60F8-425A-8434-C07EC799DC68", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_7.0:*:*:*:*:*:*:*", matchCriteriaId: "567D7B70-7FE7-4C4F-8D09-C72E28F04FF8", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*", matchCriteriaId: "78CDE85D-4C4B-42D0-BF64-11E880168A83", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:6.0:*:*:*:*:*:*:*", matchCriteriaId: "ABBAA86F-8DE4-4BC8-B295-89CF981C28D0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*", matchCriteriaId: "9994E64C-0E8C-4A9C-A321-6A73A16E33AF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*", matchCriteriaId: "A65282E0-2332-4CAA-9BA9-3794C2CDE960", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*", matchCriteriaId: "E56D571B-649D-41E2-A502-6C1EBAB73F62", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2005:*:*:*:*:*:*:*", matchCriteriaId: "E455A061-A34B-4AB7-88C7-222DB08BED08", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2006:*:*:*:*:*:*:*", matchCriteriaId: "6EB1055E-31AA-44DE-A74C-8678A0C268C3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin_internet_security:14_14.00.1485:*:*:*:*:*:*:*", matchCriteriaId: "408D7C07-D6CF-4722-AB74-70DE7C114FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2005_12.0.0_0_build_1244:*:*:*:*:*:*:*", matchCriteriaId: "26DA917A-B842-40E7-B3A1-8546ADBB401C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2006_14.10.0.1023:*:*:*:*:*:*:*", matchCriteriaId: "83C3D9AE-690A-4ACE-B6A2-E83F1B7C5507", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2007:*:*:*:*:*:*:*", matchCriteriaId: "F945B425-D79F-4B5F-A588-5DCDCFB87B06", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*", matchCriteriaId: "2D237983-725B-43B5-B733-D25397A846C7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:portalprotect:1.0:*:*:*:*:*:*:*", matchCriteriaId: "C991F564-93D1-4E63-8B71-B0C9CD9BECA4", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:portalprotect:1.2:*:sharepoint:*:*:*:*:*", matchCriteriaId: "1F34805C-1602-45F7-8C03-D585D2F44594", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "71DAD29C-23D7-45C0-8B1B-AD9CD260EAE8", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:2.6:*:domino:*:*:*:*:*", matchCriteriaId: "195D657C-4A4B-4832-B1A6-056FB990401E", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:2.51:*:domino:*:*:*:*:*", matchCriteriaId: "929BCF43-AC3A-43D0-8819-7673996D216D", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:3.8:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "3BFF861D-F544-4902-A958-BE566FB85738", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:3.81:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "3B282BE2-8116-48A7-B6D6-544983FF72C6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:6.1:*:microsoft_exchange:*:*:*:*:*", matchCriteriaId: "C81AFD13-0883-48F5-BD6B-707CFFE07262", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_aix:*:*:*:*:*", matchCriteriaId: "B4963C96-FA13-4E54-8EE3-8E169CACBF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_as_400:*:*:*:*:*", matchCriteriaId: "C3E0300A-27F7-47C1-B725-55FF0BE92FF9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_s_390:*:*:*:*:*", matchCriteriaId: "FF365F03-F95C-4047-BBA4-42EBD02E823B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_solaris:*:*:*:*:*", matchCriteriaId: "A2042D38-CF77-4149-9289-B3380F59D794", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_windows:*:*:*:*:*", matchCriteriaId: "D275C0DB-E942-4EB9-B6AA-3112C1A697DA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanmail_emanager:*:*:*:*:*:*:*:*", matchCriteriaId: "E4CE79B6-B9E8-4775-B7BF-90C2758EECE0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:scanning_engine:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5DB5BDA1-06D4-49B9-99CD-F8B67A5EB895", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "38695C1D-DC51-45EB-9EEB-6E04490AFE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.5.8:*:*:*:*:*:*:*", matchCriteriaId: "2A7ACC41-E475-4770-B446-4B41EE008A26", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.58:*:*:*:*:*:*:*", matchCriteriaId: "BE7E0AA8-220E-4E20-9FF0-95C22664AFA9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.58:*:windows:*:*:*:*:*", matchCriteriaId: "5E2F6774-B29F-47E6-8E50-8CF4D9AB3EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:linux:*:*:*:*:*:*:*", matchCriteriaId: "7EB7A187-75F5-41B5-A6A9-2C28AC5F0F98", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:linux_1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "42A4608B-A7E7-4217-8F88-C12E9DEC9C0D", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:novell_netware:*:*:*:*:*:*:*", matchCriteriaId: "2C1B8E24-4A28-4110-8DF4-72A5D19FAEAB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:windows:*:*:*:*:*:*:*", matchCriteriaId: "7B0BE038-C7F1-45FE-BE54-3D4245B3F060", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:viruswall:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1ABCB699-614A-45A5-B906-7650BB32EA29", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:web_security_suite:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "96D764CC-3574-4D95-8EA2-2C02F36EF133", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:webprotect:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21F178A5-CEAF-407F-BDE1-2328A4B959A4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.", }, { lang: "es", value: "Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado.", }, ], evaluatorImpact: "Failed exploit attempts will likely cause a denial-of-service condition.", id: "CVE-2007-0851", lastModified: "2024-11-21T00:26:53.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-02-08T18:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", }, { source: "cve@mitre.org", url: "http://jvn.jp/jp/JVN%2377366274/index.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470", }, { source: "cve@mitre.org", url: "http://osvdb.org/33038", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24087", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/24128", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1017601", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017602", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017603", }, { source: "cve@mitre.org", url: "http://www.jpcert.or.jp/at/2007/at070004.txt", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/276432", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/22449", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/0522", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/0569", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/jp/JVN%2377366274/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/33038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/24087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://securitytracker.com/id?1017601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.jpcert.or.jp/at/2007/at070004.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/276432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/22449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/0522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/0569", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-10-30 14:34
Modified
2024-11-21 00:01
Severity ?
Summary
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.0_engine_7.510.1002 | |
| trend_micro | pc-cillin_2005 | 12.0.1244_engine_7.510.1002 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.0_engine_7.510.1002:*:*:*:*:*:*:*", matchCriteriaId: "CE3CAF81-213C-4F6B-A616-28CE1760CE1C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin_2005:12.0.1244_engine_7.510.1002:*:*:*:*:*:*:*", matchCriteriaId: "5410A1D5-55CF-404A-A954-C2540DE00AAD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", }, ], id: "CVE-2005-3379", lastModified: "2024-11-21T00:01:44.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2005-10-30T14:34:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=113026417802703&w=2", }, { source: "cve@mitre.org", url: "http://www.securityelf.org/magicbyte.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityelf.org/magicbyteadv.html", }, { source: "cve@mitre.org", url: "http://www.securityelf.org/updmagic.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/415173", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/15189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=113026417802703&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityelf.org/magicbyte.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityelf.org/magicbyteadv.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityelf.org/updmagic.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/415173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15189", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2024-11-21 00:50
Severity ?
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.", }, { lang: "es", value: "La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegación de sevicio (caída de aplicación) mediante un paquete con un valor grande en un campo de tamaño no especificado.", }, ], id: "CVE-2008-3864", lastModified: "2024-11-21T00:50:18.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.187", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://secunia.com/secunia_research/2008-42/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4937", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021614", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021615", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/secunia_research/2008-42/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2024-11-21 00:51
Severity ?
Summary
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*", matchCriteriaId: "8FCFB646-3649-454D-8492-1640D98ED0C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en los módulos CGI el servidor de Trend Micro OfficeScan v8.0 SP1 anterior a la b2439 y v8.0 SP1 Patch 1 anterior a b3087, permite a atacantes remotos ejecutar código a través de vectores no especificados.", }, ], id: "CVE-2008-4402", lastModified: "2024-11-21T00:51:35.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-03T15:07:10.790", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/31531", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020974", }, { source: "cve@mitre.org", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "cve@mitre.org", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/31531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-03-03 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*", matchCriteriaId: "59CDE5D7-3DEC-42DE-8B5A-63903754937B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.", }, ], id: "CVE-2000-0205", lastModified: "2024-11-20T23:31:57.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-03-03T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/1013", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/1013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2024-11-21 00:50
Severity ?
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.", }, { lang: "es", value: "Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado.", }, ], id: "CVE-2008-3865", lastModified: "2024-11-21T00:50:18.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.203", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-42/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4937", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021614", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021615", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-42/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500195/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.11 | |
| trend_micro | officescan | corporate_3.13 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | officescan | corporate_5.5 | |
| trend_micro | officescan | corporate_5.58 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*", matchCriteriaId: "BF74A292-2B1B-43FC-AA82-CFB04D7644E3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*", matchCriteriaId: "46575AE8-8718-44D8-AF5C-14F7981B3238", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*", matchCriteriaId: "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*", matchCriteriaId: "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*", matchCriteriaId: "BEE87037-D7CC-480B-BBD2-F1802294D4F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.", }, ], id: "CVE-2004-2430", lastModified: "2024-11-20T23:53:20.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/11806", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.osvdb.org/6840", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/10503", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/11806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.osvdb.org/6840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/10503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-11-30 23:28
Modified
2024-11-21 00:22
Severity ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, { lang: "es", value: "Desbordamiento de búfer en PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe para Trend Micro OfficeScan 7.3 anterior a build 7.3.0.1087 permite a atacantes remotos ejecutar código de su elección mediante vectores de ataque no especificados.", }, ], id: "CVE-2006-6178", lastModified: "2024-11-21T00:22:05.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-11-30T23:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/21442", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/4852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/21442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/4852", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-30 16:41
Modified
2024-11-21 00:49
Severity ?
Summary
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:corporate:*:*:*:*:*", matchCriteriaId: "D64A2814-891E-46FC-90D3-F3C90DF4045D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Un desbordamiento de búfer en el control ActiveX de la clase ObjRemoveCtrl en la biblioteca OfficeScanRemoveCtrl.dll versión 7.3.0.1020 en Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versiones 7.0, build 7.3 1343 Patch 4 y otras builds, y versión 8.0; Client Server Messaging Security (CSM) versiones 3.5 y 3.6; y Worry-Free Business Security (WFBS) versión 5.0, de Trend Micro, permite a los atacantes remotos ejecutar código arbitrario por medio de una cadena larga en la propiedad Server, y posiblemente otras propiedades. NOTA: algunos de estos datos fueron obtenidos de la información de terceros.", }, ], id: "CVE-2008-3364", lastModified: "2024-11-21T00:49:04.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-07-30T16:41:00.000", references: [ { source: "cve@mitre.org", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31277", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31440", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/4061", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30407", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020569", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2220/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/6152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4061", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30407", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020569", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2220/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/6152", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2024-11-21 00:50
Severity ?
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*", matchCriteriaId: "C374395B-80B1-4FBA-88F6-1C155900E4DB", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*", matchCriteriaId: "F794E937-C7EC-423B-AF79-F7C214114BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.", }, { lang: "es", value: "El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados.", }, ], id: "CVE-2008-3866", lastModified: "2024-11-21T00:50:18.583", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-21T20:30:00.233", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-43/", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021616", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1021617", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/33609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-43/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0191", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-02-28 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*", matchCriteriaId: "59CDE5D7-3DEC-42DE-8B5A-63903754937B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.", }, ], id: "CVE-2000-0203", lastModified: "2024-11-20T23:31:57.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-02-28T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/1013", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/1013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-10-05 04:04
Modified
2024-11-21 00:18
Severity ?
Summary
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*", matchCriteriaId: "78CDE85D-4C4B-42D0-BF64-11E880168A83", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console's Remote Client Install name search\".", }, { lang: "es", value: "Vulnerabilidad de cadena de formato en el control ActiveX (ATXCONSOLE.OCX) en TrendMicro OfficeScan Corporate Edition (OSCE) anterior a 7.3 Patch 1 permite a atacantes remotos ejecutar código de su elección mediante identificadores de cadena de formato en el \"Management Console's Remote Client Install name search\".", }, ], evaluatorSolution: "This vulnerability is addressed in the following product patch:\r\nTrend Micro, OfficeScan, Corporate 7.3 Patch 1", id: "CVE-2006-5157", lastModified: "2024-11-21T00:18:06.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2006-10-05T04:04:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22224", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/1682", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://securitytracker.com/id?1016963", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/788860", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.layereddefense.com/TREND01OCT.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/447498/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/20284", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/3870", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/22224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/1682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1016963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/788860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.layereddefense.com/TREND01OCT.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/447498/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/20284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/3870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2024-11-21 00:33
Severity ?
Summary
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*", matchCriteriaId: "22F51496-74DC-4D60-9ADF-442DAC84891E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\"", }, { lang: "es", value: "El archivo cgiChkMasterPwd.exe versiones anteriores a 8.0.0.142 en Trend Micro OfficeScan Corporate Edition versión 8.0, permite a atacantes remotos omitir el requisito de contraseña y conseguir acceso a la Consola de Administración por medio de un hash vacío y una cadena de contraseña cifrada vacía, relacionada con la \"stored decrypted user logon information\".", }, ], id: "CVE-2007-3455", lastModified: "2024-11-21T00:33:17.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-06-27T00:30:00.000", references: [ { source: "cve@mitre.org", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", }, { source: "cve@mitre.org", url: "http://osvdb.org/36628", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/25778", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/24641", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/24935", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1018320", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/2330", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/36628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/25778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/24641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/24935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1018320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/2330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-11-30 23:28
Modified
2024-11-21 00:22
Severity ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.", }, { lang: "es", value: "Desbordamiento de búfer en PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe para el Trend Micro OfficeScan 7.3 anterior a la versión 7.3.0.1089, permite a atacantes remotos ejecutar código de su elección a través de vectores de ataque desconocidos.", }, ], id: "CVE-2006-6179", lastModified: "2024-11-21T00:22:05.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-11-30T23:28:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/21442", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/4852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/21442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/4852", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-12-18 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | pc-cillin | 2000 | |
| trend_micro | pc-cillin | 2002 | |
| trend_micro | pc-cillin | 2003 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*", matchCriteriaId: "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*", matchCriteriaId: "9994E64C-0E8C-4A9C-A321-6A73A16E33AF", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*", matchCriteriaId: "A65282E0-2332-4CAA-9BA9-3794C2CDE960", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*", matchCriteriaId: "E56D571B-649D-41E2-A502-6C1EBAB73F62", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).", }, { lang: "es", value: "Desbordamiento de búfer en pop3trap.exe en PC-cillin 2000, 2002, y 2003 permite a usuarios locales la ejecución arbitraria de código mediante una cadena de caracteres larga de entrada en el puerto TCP 110 (POP3).", }, ], id: "CVE-2002-1349", lastModified: "2024-11-20T23:41:05.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-12-18T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=103953822705917&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/157961", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/6350", }, { source: "cve@mitre.org", tags: [ "URL Repurposed", ], url: "http://www.texonet.com/advisories/TEXONET-20021210.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=103953822705917&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/157961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/6350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.texonet.com/advisories/TEXONET-20021210.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2024-11-21 00:46
Severity ?
Summary
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | worry_free_business_security | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*", matchCriteriaId: "8FCFB646-3649-454D-8492-1640D98ED0C9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:worry_free_business_security:5.0:*:*:*:*:*:*:*", matchCriteriaId: "BB06F18F-DE90-43FE-8B23-AC2784BBB2C8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en la función UpdateAgent en TmListen.exe en el servicio OfficeScanNT Listener del cliente de Trend Micro OfficeScan v7.3 Patch 4 build v1367 y otros builds versiones anteriores a v1372, OfficeScan 8.0 SP1 versiones anteriores a build v1222, OfficeScan 8.0 SP1 Patch 1 versiones anteriores a build 3087, y Worry-Free Business Security 5.0 versiones anteriores a build v1220 permite a atacantes remotos leer ficheros de su elección a través de secuencias de salto de directorio en una petición HTTP.\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros.\r\n", }, ], id: "CVE-2008-2439", lastModified: "2024-11-21T00:46:53.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-03T15:07:10.633", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31343", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-39/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/496970/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/bid/31531", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1020975", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2008/2711", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/31343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-39/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/496970/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-03-24 11:02
Modified
2024-11-21 00:08
Severity ?
Summary
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 5.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:5.5:*:*:*:*:*:*:*", matchCriteriaId: "C563A4F9-14B8-481C-9C52-1483C8D507BB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.", }, ], id: "CVE-2006-1381", lastModified: "2024-11-21T00:08:43.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-03-24T11:02:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/11576", }, { source: "cve@mitre.org", tags: [ "URL Repurposed", ], url: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/1041", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/11576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/1041", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2024-11-21 00:33
Severity ?
Summary
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:corporate:*:*:*:*:*", matchCriteriaId: "D64A2814-891E-46FC-90D3-F3C90DF4045D", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*", matchCriteriaId: "22F51496-74DC-4D60-9ADF-442DAC84891E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en la biblioteca CGIOCommon.dll versiones anteriores a 8.0.0.1042 en Trend Micro OfficeScan Corporate Edition versión 8.0, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones diseñadas largas, como es demostrado usando una cookie de sesión larga para programas CGI no especificados que utilizan esta biblioteca", }, ], id: "CVE-2007-3454", lastModified: "2024-11-21T00:33:16.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-06-27T00:30:00.000", references: [ { source: "cve@mitre.org", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559", }, { source: "cve@mitre.org", url: "http://osvdb.org/36629", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/25778", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1018320", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/24641", }, { source: "cve@mitre.org", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/2330", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/36629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/25778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1018320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/24641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/2330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-05-07 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.11 | |
| trend_micro | officescan | corporate_3.13 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | officescan | corporate_5.58 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*", matchCriteriaId: "BF74A292-2B1B-43FC-AA82-CFB04D7644E3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*", matchCriteriaId: "46575AE8-8718-44D8-AF5C-14F7981B3238", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*", matchCriteriaId: "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*", matchCriteriaId: "BEE87037-D7CC-480B-BBD2-F1802294D4F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection.", }, ], id: "CVE-2004-2006", lastModified: "2024-11-20T23:52:16.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-05-07T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=108395366909344&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/11576", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/5990", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/10300", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=108395366909344&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/11576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/5990", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/10300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-10-15 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "C5FF32ED-84C2-4A22-BA4D-2436B96A69A8", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "924B6C34-036E-4A3E-A5CA-219D06379A1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], id: "CVE-2001-1151", lastModified: "2024-11-20T23:37:00.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-10-15T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/220666", }, { source: "cve@mitre.org", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/220666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-12-11 17:28
Modified
2024-11-21 00:22
Severity ?
Summary
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | pc_cillin_-_internet_security_2006 | * | |
| trend_micro | serverprotect | 5.58 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*", matchCriteriaId: "2D237983-725B-43B5-B733-D25397A846C7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*", matchCriteriaId: "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.", }, { lang: "es", value: "El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU y cuelgue de aplicación) mediante un archivo RAR mal formado con una sección Cabecera de Archivo con lo campos head_size (tamaño de cabecera) y pack_size (tamaño de paquete) puestos a cero, lo cual dispara un bucle infinito.", }, ], id: "CVE-2006-6458", lastModified: "2024-11-21T00:22:44.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-12-11T17:28:00.000", references: [ { source: "cve@mitre.org", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/23321", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/21509", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/4918", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/23321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/21509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/4918", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-09-16 22:00
Modified
2024-11-21 00:46
Severity ?
Summary
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | client-server-messaging_security | 2.0 | |
| trend_micro | client-server-messaging_security | 3.0 | |
| trend_micro | client-server-messaging_security | 3.5 | |
| trend_micro | client-server-messaging_security | 3.6 | |
| trend_micro | officescan | 7.0 | |
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_security:2.0:*:*:*:*:*:*:*", matchCriteriaId: "5608EC01-6625-4B55-BB2F-7EDD2A2C5F75", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_security:3.0:*:*:*:*:*:*:*", matchCriteriaId: "E1C7AAB1-847F-41AC-8324-3B96ACDF42C9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_security:3.5:*:*:*:*:*:*:*", matchCriteriaId: "C0F900AA-550D-4D41-8777-B470EF8E5235", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:client-server-messaging_security:3.6:*:*:*:*:*:*:*", matchCriteriaId: "241286A4-320A-4F3A-B5B2-2C19BBDFCC4C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:7.0:*:*:*:*:*:*:*", matchCriteriaId: "0B4D4F2B-4B34-42DA-A23A-16490F19EF53", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", matchCriteriaId: "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:7.3:patch_4:*:*:*:*:*:*", matchCriteriaId: "9788F679-89C2-4228-BD38-283C03D3E415", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:*:*:*:*:*:*:*", matchCriteriaId: "A05A70AB-32D4-4948-94B2-DCFED9155DFA", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en cgiRecvFile.exe en Trend Micro OfficeScan 7.3 patch 4 build 1362 y otras, OfficeScan 8.0 y 8.0 SP1, y Client Server Messaging Security 3.6, permite a atacantes remotos ejecutar código de su elección a través de peticiones HTTP que contienen un parámetro largo \"ComputerName\".", }, ], id: "CVE-2008-2437", lastModified: "2024-11-21T00:46:53.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-09-16T22:00:00.710", references: [ { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31342", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-35/", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://securityreason.com/securityalert/4263", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securityfocus.com/archive/1/496281/100/0/threaded", }, { source: "PSIRT-CNA@flexerasoftware.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/31139", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.securitytracker.com/id?1020860", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "http://www.vupen.com/english/advisories/2008/2555", }, { source: "PSIRT-CNA@flexerasoftware.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/secunia_research/2008-35/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/496281/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/31139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020860", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072", }, ], sourceIdentifier: "PSIRT-CNA@flexerasoftware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2000-02-28 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*", matchCriteriaId: "59CDE5D7-3DEC-42DE-8B5A-63903754937B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.", }, ], id: "CVE-2000-0204", lastModified: "2024-11-20T23:31:57.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2000-02-28T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html", }, { source: "cve@mitre.org", url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/1013", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.antivirus.com/download/ofce_patch_35.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/1013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-08-22 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/210087 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/210087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | virus_buster | corporate_3.52 | |
| trend_micro | virus_buster | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.54 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.52:*:*:*:*:*:*:*", matchCriteriaId: "6E3D6BED-09E4-48AD-9AF8-59FFE9241E73", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "924B6C34-036E-4A3E-A5CA-219D06379A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "B4D76FA9-4C35-4D33-A4AC-BAACC16335B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], id: "CVE-2001-1150", lastModified: "2024-11-20T23:37:00.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-08-22T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/7014.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/209375", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/210087", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/7014.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/209375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/210087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3216", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2024-11-21 00:51
Severity ?
Summary
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*", matchCriteriaId: "9A220318-78FB-4D3B-968D-7B0BF3BB1969", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*", matchCriteriaId: "8FCFB646-3649-454D-8492-1640D98ED0C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\"", }, { lang: "es", value: "El módulo CGI en el servidor en Trend Micro OfficeScan v8.0 SP1 versiones anteriores a build 2439 y v8.0 SP1 Patch 1 versiones anteriores a build 3087 permite a atacantes remotos provocar una denegación de servicio (puntero de referencia NULL y caída del proceso hijo) a través de cabeceras HTTP manipuladas, relacionado con \"mecanismo de manejo de errores\".", }, ], id: "CVE-2008-4403", lastModified: "2024-11-21T00:51:35.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-03T15:07:10.807", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31531", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020974", }, { source: "cve@mitre.org", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "cve@mitre.org", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020974", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.1.1 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.54 | |
| trend_micro | virus_buster | 3.52 | |
| trend_micro | virus_buster | 3.53 | |
| trend_micro | virus_buster | 3.54 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "6D89F5A6-CF62-4EB2-AD75-0AF4FDA279B6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "FCE38732-A854-4B45-9F08-0356AB8A2FA0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*", matchCriteriaId: "B0CB2406-0DDD-4653-94BC-7474B4E298DD", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "CA0852D4-5A87-41E7-A924-8EB4D6827DD7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*", matchCriteriaId: "BECFA7BB-E0EA-41E9-BE6F-7FD6751D0E37", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "439E4F94-C5E6-4E26-83DC-CECE166CB298", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*", matchCriteriaId: "A37C9CBC-DC20-40B5-9713-C823935ECA1C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "0935C827-9E24-4DB2-B694-BB233F6693F9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*", matchCriteriaId: "BD6B7257-8D78-4EED-8E92-2FF807018E1F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*", matchCriteriaId: "951A2994-54C5-401D-9254-0E814A4B8538", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*", matchCriteriaId: "AA8EF8C3-D6B3-4037-BE06-85196EC150F2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*", matchCriteriaId: "49591281-E68C-4F97-AC98-73BB1B5A0A40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], id: "CVE-2003-1341", lastModified: "2024-11-20T23:46:54.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { source: "cve@mitre.org", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/7881", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/6181", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/6616", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/7881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/6181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/6616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-16", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }