Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    218 vulnerabilities by trend_micro

    CVE-2016-5840 (GCVE-0-2016-5840)

    Vulnerability from nvd – Published: 2016-06-30 16:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:09.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
              },
              {
                "name": "JVNDB-2016-000103",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
              },
              {
                "name": "JVN#55428526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
              },
              {
                "name": "40180",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40180/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-28T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
            },
            {
              "name": "JVNDB-2016-000103",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
            },
            {
              "name": "JVN#55428526",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
            },
            {
              "name": "40180",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40180/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5840",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-373",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
                },
                {
                  "name": "JVNDB-2016-000103",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
                },
                {
                  "name": "JVN#55428526",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
                },
                {
                  "name": "40180",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/40180/"
                },
                {
                  "name": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5840",
        "datePublished": "2016-06-30T16:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:09.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3664 (GCVE-0-2016-3664)

    Vulnerability from nvd – Published: 2016-05-23 19:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-23T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
                },
                {
                  "name": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html",
                  "refsource": "MISC",
                  "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
                },
                {
                  "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx",
                  "refsource": "CONFIRM",
                  "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3664",
        "datePublished": "2016-05-23T19:00:00.000Z",
        "dateReserved": "2016-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3326 (GCVE-0-2015-3326)

    Vulnerability from nvd – Published: 2015-05-14 00:00 – Updated: 2024-08-06 05:47
    VLAI
    Summary
    Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:47:56.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
              },
              {
                "name": "74661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74661"
              },
              {
                "name": "1032323",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032323"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
            },
            {
              "name": "74661",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74661"
            },
            {
              "name": "1032323",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032323"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3326",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
                },
                {
                  "name": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html",
                  "refsource": "MISC",
                  "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
                },
                {
                  "name": "74661",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74661"
                },
                {
                  "name": "1032323",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032323"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3326",
        "datePublished": "2015-05-14T00:00:00.000Z",
        "dateReserved": "2015-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:47:56.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2998 (GCVE-0-2012-2998)

    Vulnerability from nvd – Published: 2012-09-28 10:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:05.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
              },
              {
                "name": "JVNDB-2012-000090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
              },
              {
                "name": "1027584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027584"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
              },
              {
                "name": "VU#950795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/950795"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
              },
              {
                "name": "JVN#42014489",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-14T10:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
            },
            {
              "name": "JVNDB-2012-000090",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
            },
            {
              "name": "1027584",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027584"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
            },
            {
              "name": "VU#950795",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/950795"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
            },
            {
              "name": "JVN#42014489",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2012-2998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
                },
                {
                  "name": "JVNDB-2012-000090",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
                },
                {
                  "name": "1027584",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027584"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
                },
                {
                  "name": "VU#950795",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/950795"
                },
                {
                  "name": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
                },
                {
                  "name": "JVN#42014489",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2012-2998",
        "datePublished": "2012-09-28T10:00:00.000Z",
        "dateReserved": "2012-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:05.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5001 (GCVE-0-2011-5001)

    Vulnerability from nvd – Published: 2011-12-25 01:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:39.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
              },
              {
                "name": "1026390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026390"
              },
              {
                "name": "cm-cgenericscheduleraddtask-bo(71681)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
              },
              {
                "name": "47114",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
            },
            {
              "name": "1026390",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026390"
            },
            {
              "name": "cm-cgenericscheduleraddtask-bo(71681)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
            },
            {
              "name": "47114",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5001",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
                },
                {
                  "name": "1026390",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026390"
                },
                {
                  "name": "cm-cgenericscheduleraddtask-bo(71681)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
                },
                {
                  "name": "47114",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47114"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5001",
        "datePublished": "2011-12-25T01:00:00.000Z",
        "dateReserved": "2011-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:39.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3866 (GCVE-0-2008-3866)

    Vulnerability from nvd – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/secunia_research/2008-43/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_MISC
    http://www.securitytracker.com/id?1021616 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1021617 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-43/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "1021616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021616"
              },
              {
                "name": "nsc-tmpfw-security-bypass(48108)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
              },
              {
                "name": "1021617",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021617"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-43/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "1021616",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021616"
            },
            {
              "name": "nsc-tmpfw-security-bypass(48108)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
            },
            {
              "name": "1021617",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021617"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3866",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secunia.com/secunia_research/2008-43/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-43/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "MISC",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "1021616",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021616"
                },
                {
                  "name": "nsc-tmpfw-security-bypass(48108)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
                },
                {
                  "name": "1021617",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021617"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3866",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3865 (GCVE-0-2008-3865)

    Vulnerability from nvd – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1021615 vdb-entryx_refsource_SECTRACK
    http://secunia.com/secunia_research/2008-42/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/500195/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/4937 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021614 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1021615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-42/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "tmpfw-apithread-bo(48107)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
              },
              {
                "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "4937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4937"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              },
              {
                "name": "1021614",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "1021615",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-42/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "tmpfw-apithread-bo(48107)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
            },
            {
              "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "4937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4937"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            },
            {
              "name": "1021614",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021614"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1021615",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021615"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-42/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-42/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "tmpfw-apithread-bo(48107)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
                },
                {
                  "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "4937",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4937"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                },
                {
                  "name": "1021614",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021614"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3865",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3864 (GCVE-0-2008-3864)

    Vulnerability from nvd – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1021615 vdb-entryx_refsource_SECTRACK
    http://secunia.com/secunia_research/2008-42/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/500195/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/4937 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021614 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1021615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-42/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "tmpfw-apithread-dos(48106)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
              },
              {
                "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "4937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4937"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              },
              {
                "name": "1021614",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "1021615",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-42/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "tmpfw-apithread-dos(48106)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
            },
            {
              "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "4937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4937"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            },
            {
              "name": "1021614",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021614"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1021615",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021615"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-42/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-42/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "tmpfw-apithread-dos(48106)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
                },
                {
                  "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "4937",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4937"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                },
                {
                  "name": "1021614",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021614"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3864",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2435 (GCVE-0-2008-2435)

    Vulnerability from nvd – Published: 2008-12-23 18:13 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/702628 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/499478/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/3464 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/32950 vdb-entryx_refsource_BID
    http://www.osvdb.org/50843 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/31583 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021481 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/secunia_research/2008-34/ x_refsource_MISC
    http://esupport.trendmicro.com/support/viewxml.do… x_refsource_CONFIRM
    Date Public
    2008-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#702628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/702628"
              },
              {
                "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
              },
              {
                "name": "ADV-2008-3464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3464"
              },
              {
                "name": "32950",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32950"
              },
              {
                "name": "50843",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/50843"
              },
              {
                "name": "31583",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31583"
              },
              {
                "name": "1021481",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021481"
              },
              {
                "name": "housecall-notifyonloadnative-code-execution(47523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-34/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "VU#702628",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/702628"
            },
            {
              "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
            },
            {
              "name": "ADV-2008-3464",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3464"
            },
            {
              "name": "32950",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32950"
            },
            {
              "name": "50843",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/50843"
            },
            {
              "name": "31583",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31583"
            },
            {
              "name": "1021481",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021481"
            },
            {
              "name": "housecall-notifyonloadnative-code-execution(47523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-34/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-2435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#702628",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/702628"
                },
                {
                  "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
                },
                {
                  "name": "ADV-2008-3464",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3464"
                },
                {
                  "name": "32950",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32950"
                },
                {
                  "name": "50843",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/50843"
                },
                {
                  "name": "31583",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31583"
                },
                {
                  "name": "1021481",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021481"
                },
                {
                  "name": "housecall-notifyonloadnative-code-execution(47523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-34/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-34/"
                },
                {
                  "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-2435",
        "datePublished": "2008-12-23T18:13:00.000Z",
        "dateReserved": "2008-05-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2434 (GCVE-0-2008-2434)

    Vulnerability from nvd – Published: 2008-12-23 18:13 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/541025 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4802 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31337 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3464 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/499495/100… mailing-listx_refsource_BUGTRAQ
    http://esupport.trendmicro.com/support/viewxml.do… x_refsource_MISC
    http://secunia.com/secunia_research/2008-32/ x_refsource_MISC
    http://www.securityfocus.com/bid/32965 vdb-entryx_refsource_BID
    http://osvdb.org/50941 vdb-entryx_refsource_OSVDB
    Date Public
    2008-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#541025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/541025"
              },
              {
                "name": "housecall-library-code-execution(47524)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
              },
              {
                "name": "4802",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4802"
              },
              {
                "name": "31337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31337"
              },
              {
                "name": "ADV-2008-3464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3464"
              },
              {
                "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-32/"
              },
              {
                "name": "32965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32965"
              },
              {
                "name": "50941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50941"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a \"custom update server\" argument.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "VU#541025",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/541025"
            },
            {
              "name": "housecall-library-code-execution(47524)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
            },
            {
              "name": "4802",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4802"
            },
            {
              "name": "31337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31337"
            },
            {
              "name": "ADV-2008-3464",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3464"
            },
            {
              "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-32/"
            },
            {
              "name": "32965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32965"
            },
            {
              "name": "50941",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50941"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-2434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a \"custom update server\" argument.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#541025",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/541025"
                },
                {
                  "name": "housecall-library-code-execution(47524)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
                },
                {
                  "name": "4802",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4802"
                },
                {
                  "name": "31337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31337"
                },
                {
                  "name": "ADV-2008-3464",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3464"
                },
                {
                  "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
                },
                {
                  "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646",
                  "refsource": "MISC",
                  "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-32/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-32/"
                },
                {
                  "name": "32965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32965"
                },
                {
                  "name": "50941",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50941"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-2434",
        "datePublished": "2008-12-23T18:13:00.000Z",
        "dateReserved": "2008-05-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5545 (GCVE-0-2008-5545)

    Vulnerability from nvd – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
    VLAI
    Summary
    Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4723 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/499043/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/498995/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:56:46.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "multiple-antivirus-mzheader-code-execution(47435)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
              },
              {
                "name": "4723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4723"
              },
              {
                "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
              },
              {
                "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "multiple-antivirus-mzheader-code-execution(47435)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
            },
            {
              "name": "4723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4723"
            },
            {
              "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
            },
            {
              "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "multiple-antivirus-mzheader-code-execution(47435)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
                },
                {
                  "name": "4723",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4723"
                },
                {
                  "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
                },
                {
                  "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5545",
        "datePublished": "2008-12-12T18:13:00.000Z",
        "dateReserved": "2008-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:56:46.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0014 (GCVE-0-2008-0014)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    http://www.iss.net/threats/310.html third-party-advisoryx_refsource_ISS
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/310.html"
              },
              {
                "name": "application-rpc-config3-bo(39920)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/310.html"
            },
            {
              "name": "application-rpc-config3-bo(39920)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/310.html"
                },
                {
                  "name": "application-rpc-config3-bo(39920)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0014",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-12-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0013 (GCVE-0-2008-0013)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    http://www.iss.net/threats/310.html third-party-advisoryx_refsource_ISS
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/310.html"
              },
              {
                "name": "application-rpc-config2-bo(39919)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39919"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/310.html"
            },
            {
              "name": "application-rpc-config2-bo(39919)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39919"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/310.html"
                },
                {
                  "name": "application-rpc-config2-bo(39919)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39919"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0013",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-12-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0012 (GCVE-0-2008-0012)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.iss.net/threats/310.html third-party-advisoryx_refsource_ISS
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "application-rpc-config1-bo(39918)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/310.html"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "application-rpc-config1-bo(39918)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/310.html"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product\u0027s configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "application-rpc-config1-bo(39918)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/310.html"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0012",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-12-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.366Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0074 (GCVE-0-2007-0074)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 12:03
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    http://www.iss.net/threats/309.html third-party-advisoryx_refsource_ISS
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:03:36.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/309.html"
              },
              {
                "name": "application-rpc-folder-read-bo(39051)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39051"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/309.html"
            },
            {
              "name": "application-rpc-folder-read-bo(39051)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39051"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/309.html"
                },
                {
                  "name": "application-rpc-folder-read-bo(39051)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39051"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0074",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:03:36.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0073 (GCVE-0-2007-0073)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 12:03
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.iss.net/threats/309.html third-party-advisoryx_refsource_ISS
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:03:37.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              },
              {
                "name": "application-rpc-file-read-bo(39050)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39050"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/309.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            },
            {
              "name": "application-rpc-file-read-bo(39050)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39050"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/309.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                },
                {
                  "name": "application-rpc-file-read-bo(39050)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39050"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/309.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0073",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:03:37.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0072 (GCVE-0-2007-0072)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 12:03
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    http://www.iss.net/threats/309.html third-party-advisoryx_refsource_ISS
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:03:37.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "application-rpc-read-bo(38760)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38760"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/309.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "application-rpc-read-bo(38760)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38760"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/309.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "application-rpc-read-bo(38760)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38760"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/309.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0072",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2007-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:03:37.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5269 (GCVE-0-2006-5269)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    http://www.iss.net/threats/308.html third-party-advisoryx_refsource_ISS
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.346Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "application-rpc-interface-bo(31113)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31113"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              },
              {
                "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/308.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "application-rpc-interface-bo(31113)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31113"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            },
            {
              "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/308.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "application-rpc-interface-bo(31113)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31113"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflow",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/308.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5269",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2006-10-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5268 (GCVE-0-2006-5268)

    Vulnerability from nvd – Published: 2008-11-17 23:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/32618 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/32261 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/768681 third-party-advisoryx_refsource_CERT-VN
    http://blogs.iss.net/archive/trend.html x_refsource_MISC
    http://www.vupen.com/english/advisories/2008/3127 vdb-entryx_refsource_VUPEN
    http://www.iss.net/threats/307.html third-party-advisoryx_refsource_ISS
    Date Public
    2008-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32618",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32618"
              },
              {
                "name": "application-unauth-admin-access(31112)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31112"
              },
              {
                "name": "32261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32261"
              },
              {
                "name": "VU#768681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/768681"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.iss.net/archive/trend.html"
              },
              {
                "name": "ADV-2008-3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3127"
              },
              {
                "name": "20081111 Trend Micro ServerProtect Unauthenticated Remote Administration",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/threats/307.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining \"administrative access to the RPC interface.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32618",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32618"
            },
            {
              "name": "application-unauth-admin-access(31112)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31112"
            },
            {
              "name": "32261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32261"
            },
            {
              "name": "VU#768681",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/768681"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.iss.net/archive/trend.html"
            },
            {
              "name": "ADV-2008-3127",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3127"
            },
            {
              "name": "20081111 Trend Micro ServerProtect Unauthenticated Remote Administration",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://www.iss.net/threats/307.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining \"administrative access to the RPC interface.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32618",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32618"
                },
                {
                  "name": "application-unauth-admin-access(31112)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31112"
                },
                {
                  "name": "32261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32261"
                },
                {
                  "name": "VU#768681",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/768681"
                },
                {
                  "name": "http://blogs.iss.net/archive/trend.html",
                  "refsource": "MISC",
                  "url": "http://blogs.iss.net/archive/trend.html"
                },
                {
                  "name": "ADV-2008-3127",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3127"
                },
                {
                  "name": "20081111 Trend Micro ServerProtect Unauthenticated Remote Administration",
                  "refsource": "ISS",
                  "url": "http://www.iss.net/threats/307.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5268",
        "datePublished": "2008-11-17T23:00:00.000Z",
        "dateReserved": "2006-10-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5840 (GCVE-0-2016-5840)

    Vulnerability from cvelistv5 – Published: 2016-06-30 16:00 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:09.017Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
              },
              {
                "name": "JVNDB-2016-000103",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
              },
              {
                "name": "JVN#55428526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
              },
              {
                "name": "40180",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40180/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-28T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
            },
            {
              "name": "JVNDB-2016-000103",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
            },
            {
              "name": "JVN#55428526",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
            },
            {
              "name": "40180",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40180/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-5840",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-373",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-373"
                },
                {
                  "name": "JVNDB-2016-000103",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000103.html"
                },
                {
                  "name": "JVN#55428526",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN55428526/index.html"
                },
                {
                  "name": "40180",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/40180/"
                },
                {
                  "name": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-US/1114281.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-5840",
        "datePublished": "2016-06-30T16:00:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:09.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3664 (GCVE-0-2016-3664)

    Vulnerability from cvelistv5 – Published: 2016-05-23 19:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-05-23T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/137020/Trend-Micro-Mobile-Security-Man-In-The-Middle.html"
                },
                {
                  "name": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html",
                  "refsource": "MISC",
                  "url": "http://www.info-sec.ca/advisories/Trend-Micro-Mobile-Security.html"
                },
                {
                  "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx",
                  "refsource": "CONFIRM",
                  "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1114151.aspx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3664",
        "datePublished": "2016-05-23T19:00:00.000Z",
        "dateReserved": "2016-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3326 (GCVE-0-2015-3326)

    Vulnerability from cvelistv5 – Published: 2015-05-14 00:00 – Updated: 2024-08-06 05:47
    VLAI
    Summary
    Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:47:56.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
              },
              {
                "name": "74661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74661"
              },
              {
                "name": "1032323",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032323"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
            },
            {
              "name": "74661",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74661"
            },
            {
              "name": "1032323",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032323"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3326",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-US/1109669.aspx"
                },
                {
                  "name": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html",
                  "refsource": "MISC",
                  "url": "http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html"
                },
                {
                  "name": "74661",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74661"
                },
                {
                  "name": "1032323",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032323"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3326",
        "datePublished": "2015-05-14T00:00:00.000Z",
        "dateReserved": "2015-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:47:56.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2998 (GCVE-0-2012-2998)

    Vulnerability from cvelistv5 – Published: 2012-09-28 10:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:05.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
              },
              {
                "name": "JVNDB-2012-000090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
              },
              {
                "name": "1027584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027584"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
              },
              {
                "name": "VU#950795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/950795"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
              },
              {
                "name": "JVN#42014489",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-14T10:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
            },
            {
              "name": "JVNDB-2012-000090",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
            },
            {
              "name": "1027584",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027584"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
            },
            {
              "name": "VU#950795",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/950795"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
            },
            {
              "name": "JVN#42014489",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2012-2998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://www.spentera.com/2012/09/trend-micro-control-manager-sql-injection-vulnerability/"
                },
                {
                  "name": "JVNDB-2012-000090",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000090"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_tmcm60_patch1_1449.txt"
                },
                {
                  "name": "1027584",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027584"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1823.txt"
                },
                {
                  "name": "VU#950795",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/950795"
                },
                {
                  "name": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/solution/en-us/1061043.aspx"
                },
                {
                  "name": "JVN#42014489",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN42014489/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2012-2998",
        "datePublished": "2012-09-28T10:00:00.000Z",
        "dateReserved": "2012-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:05.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5001 (GCVE-0-2011-5001)

    Vulnerability from cvelistv5 – Published: 2011-12-25 01:00 – Updated: 2024-08-07 00:23
    VLAI
    Summary
    Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:23:39.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
              },
              {
                "name": "1026390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1026390"
              },
              {
                "name": "cm-cgenericscheduleraddtask-bo(71681)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
              },
              {
                "name": "47114",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/47114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
            },
            {
              "name": "1026390",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1026390"
            },
            {
              "name": "cm-cgenericscheduleraddtask-bo(71681)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
            },
            {
              "name": "47114",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/47114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5001",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111207 ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/520780/100/0/threaded"
                },
                {
                  "name": "1026390",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1026390"
                },
                {
                  "name": "cm-cgenericscheduleraddtask-bo(71681)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71681"
                },
                {
                  "name": "47114",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/47114"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-345/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5001",
        "datePublished": "2011-12-25T01:00:00.000Z",
        "dateReserved": "2011-12-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:23:39.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3866 (GCVE-0-2008-3866)

    Vulnerability from cvelistv5 – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/secunia_research/2008-43/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_MISC
    http://www.securitytracker.com/id?1021616 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1021617 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-43/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "1021616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021616"
              },
              {
                "name": "nsc-tmpfw-security-bypass(48108)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
              },
              {
                "name": "1021617",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021617"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-43/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "1021616",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021616"
            },
            {
              "name": "nsc-tmpfw-security-bypass(48108)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
            },
            {
              "name": "1021617",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021617"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3866",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://secunia.com/secunia_research/2008-43/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-43/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "MISC",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "1021616",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021616"
                },
                {
                  "name": "nsc-tmpfw-security-bypass(48108)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
                },
                {
                  "name": "1021617",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021617"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3866",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3865 (GCVE-0-2008-3865)

    Vulnerability from cvelistv5 – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1021615 vdb-entryx_refsource_SECTRACK
    http://secunia.com/secunia_research/2008-42/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/500195/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/4937 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021614 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1021615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-42/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "tmpfw-apithread-bo(48107)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
              },
              {
                "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "4937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4937"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              },
              {
                "name": "1021614",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "1021615",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-42/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "tmpfw-apithread-bo(48107)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
            },
            {
              "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "4937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4937"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            },
            {
              "name": "1021614",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021614"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3865",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1021615",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021615"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-42/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-42/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "tmpfw-apithread-bo(48107)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
                },
                {
                  "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "4937",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4937"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                },
                {
                  "name": "1021614",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021614"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3865",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3864 (GCVE-0-2008-3864)

    Vulnerability from cvelistv5 – Published: 2009-01-21 20:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1021615 vdb-entryx_refsource_SECTRACK
    http://secunia.com/secunia_research/2008-42/ x_refsource_MISC
    http://www.trendmicro.com/ftp/documentation/readm… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/500195/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/33358 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2009/0191 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33609 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/4937 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31160 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021614 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1021615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-42/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
              },
              {
                "name": "tmpfw-apithread-dos(48106)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
              },
              {
                "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
              },
              {
                "name": "33358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33358"
              },
              {
                "name": "ADV-2009-0191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0191"
              },
              {
                "name": "33609",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33609"
              },
              {
                "name": "4937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4937"
              },
              {
                "name": "31160",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31160"
              },
              {
                "name": "1021614",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021614"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "1021615",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-42/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "tmpfw-apithread-dos(48106)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
            },
            {
              "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
            },
            {
              "name": "33358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "4937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4937"
            },
            {
              "name": "31160",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31160"
            },
            {
              "name": "1021614",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021614"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-3864",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1021615",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021615"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-42/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-42/"
                },
                {
                  "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
                },
                {
                  "name": "tmpfw-apithread-dos(48106)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
                },
                {
                  "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
                },
                {
                  "name": "33358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33358"
                },
                {
                  "name": "ADV-2009-0191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0191"
                },
                {
                  "name": "33609",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33609"
                },
                {
                  "name": "4937",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4937"
                },
                {
                  "name": "31160",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31160"
                },
                {
                  "name": "1021614",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021614"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-3864",
        "datePublished": "2009-01-21T20:00:00.000Z",
        "dateReserved": "2008-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2434 (GCVE-0-2008-2434)

    Vulnerability from cvelistv5 – Published: 2008-12-23 18:13 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/541025 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4802 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/31337 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/3464 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/499495/100… mailing-listx_refsource_BUGTRAQ
    http://esupport.trendmicro.com/support/viewxml.do… x_refsource_MISC
    http://secunia.com/secunia_research/2008-32/ x_refsource_MISC
    http://www.securityfocus.com/bid/32965 vdb-entryx_refsource_BID
    http://osvdb.org/50941 vdb-entryx_refsource_OSVDB
    Date Public
    2008-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#541025",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/541025"
              },
              {
                "name": "housecall-library-code-execution(47524)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
              },
              {
                "name": "4802",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4802"
              },
              {
                "name": "31337",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31337"
              },
              {
                "name": "ADV-2008-3464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3464"
              },
              {
                "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-32/"
              },
              {
                "name": "32965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32965"
              },
              {
                "name": "50941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/50941"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a \"custom update server\" argument.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "VU#541025",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/541025"
            },
            {
              "name": "housecall-library-code-execution(47524)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
            },
            {
              "name": "4802",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4802"
            },
            {
              "name": "31337",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31337"
            },
            {
              "name": "ADV-2008-3464",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3464"
            },
            {
              "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-32/"
            },
            {
              "name": "32965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32965"
            },
            {
              "name": "50941",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/50941"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-2434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a \"custom update server\" argument.  NOTE: this can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#541025",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/541025"
                },
                {
                  "name": "housecall-library-code-execution(47524)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47524"
                },
                {
                  "name": "4802",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4802"
                },
                {
                  "name": "31337",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31337"
                },
                {
                  "name": "ADV-2008-3464",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3464"
                },
                {
                  "name": "20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499495/100/0/threaded"
                },
                {
                  "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646",
                  "refsource": "MISC",
                  "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-32/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-32/"
                },
                {
                  "name": "32965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32965"
                },
                {
                  "name": "50941",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/50941"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-2434",
        "datePublished": "2008-12-23T18:13:00.000Z",
        "dateReserved": "2008-05-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2435 (GCVE-0-2008-2435)

    Vulnerability from cvelistv5 – Published: 2008-12-23 18:13 – Updated: 2024-08-07 08:58
    VLAI
    Summary
    Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/702628 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/499478/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2008/3464 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/32950 vdb-entryx_refsource_BID
    http://www.osvdb.org/50843 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/31583 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021481 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/secunia_research/2008-34/ x_refsource_MISC
    http://esupport.trendmicro.com/support/viewxml.do… x_refsource_CONFIRM
    Date Public
    2008-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:58:02.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#702628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/702628"
              },
              {
                "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
              },
              {
                "name": "ADV-2008-3464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/3464"
              },
              {
                "name": "32950",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32950"
              },
              {
                "name": "50843",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/50843"
              },
              {
                "name": "31583",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31583"
              },
              {
                "name": "1021481",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021481"
              },
              {
                "name": "housecall-notifyonloadnative-code-execution(47523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2008-34/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "VU#702628",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/702628"
            },
            {
              "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
            },
            {
              "name": "ADV-2008-3464",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/3464"
            },
            {
              "name": "32950",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32950"
            },
            {
              "name": "50843",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/50843"
            },
            {
              "name": "31583",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31583"
            },
            {
              "name": "1021481",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021481"
            },
            {
              "name": "housecall-notifyonloadnative-code-execution(47523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2008-34/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2008-2435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#702628",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/702628"
                },
                {
                  "name": "20081221 Secunia Research: Trend Micro HouseCall \"notifyOnLoadNative()\" Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499478/100/0/threaded"
                },
                {
                  "name": "ADV-2008-3464",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/3464"
                },
                {
                  "name": "32950",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32950"
                },
                {
                  "name": "50843",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/50843"
                },
                {
                  "name": "31583",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31583"
                },
                {
                  "name": "1021481",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021481"
                },
                {
                  "name": "housecall-notifyonloadnative-code-execution(47523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47523"
                },
                {
                  "name": "http://secunia.com/secunia_research/2008-34/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2008-34/"
                },
                {
                  "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646",
                  "refsource": "CONFIRM",
                  "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646\u0026id=EN-1038646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2008-2435",
        "datePublished": "2008-12-23T18:13:00.000Z",
        "dateReserved": "2008-05-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:58:02.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5545 (GCVE-0-2008-5545)

    Vulnerability from cvelistv5 – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
    VLAI
    Summary
    Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4723 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/499043/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/498995/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:56:46.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "multiple-antivirus-mzheader-code-execution(47435)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
              },
              {
                "name": "4723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4723"
              },
              {
                "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
              },
              {
                "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "multiple-antivirus-mzheader-code-execution(47435)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
            },
            {
              "name": "4723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4723"
            },
            {
              "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
            },
            {
              "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5545",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "multiple-antivirus-mzheader-code-execution(47435)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
                },
                {
                  "name": "4723",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4723"
                },
                {
                  "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
                },
                {
                  "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5545",
        "datePublished": "2008-12-12T18:13:00.000Z",
        "dateReserved": "2008-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:56:46.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }