Vulnerabilites related to trend_micro - officescan
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C374395B-80B1-4FBA-88F6-1C155900E4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*",
"matchCriteriaId": "F794E937-C7EC-423B-AF79-F7C214114BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en la funci\u00f3n ApiThread en el servicio de cortafuegos (tambi\u00e9n conocido como TmPfw.exe) en los m\u00f3dulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete con un valor peque\u00f1o en un campo de tama\u00f1o no especificado."
}
],
"id": "CVE-2008-3865",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-21T20:30:00.203",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/4937"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021614"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D64A2814-891E-46FC-90D3-F3C90DF4045D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "22F51496-74DC-4D60-9ADF-442DAC84891E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la biblioteca CGIOCommon.dll versiones anteriores a 8.0.0.1042 en Trend Micro OfficeScan Corporate Edition versi\u00f3n 8.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de peticiones dise\u00f1adas largas, como es demostrado usando una cookie de sesi\u00f3n larga para programas CGI no especificados que utilizan esta biblioteca"
}
],
"id": "CVE-2007-3454",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-27T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36629"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25778"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018320"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-27 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "22F51496-74DC-4D60-9ADF-442DAC84891E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\""
},
{
"lang": "es",
"value": "El archivo cgiChkMasterPwd.exe versiones anteriores a 8.0.0.142 en Trend Micro OfficeScan Corporate Edition versi\u00f3n 8.0, permite a atacantes remotos omitir el requisito de contrase\u00f1a y conseguir acceso a la Consola de Administraci\u00f3n por medio de un hash vac\u00edo y una cadena de contrase\u00f1a cifrada vac\u00eda, relacionada con la \"stored decrypted user logon information\"."
}
],
"id": "CVE-2007-3455",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-27T00:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36628"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25778"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24935"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018320"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-30 16:41
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D64A2814-891E-46FC-90D3-F3C90DF4045D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en el control ActiveX de la clase ObjRemoveCtrl en la biblioteca OfficeScanRemoveCtrl.dll versi\u00f3n 7.3.0.1020 en Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versiones 7.0, build 7.3 1343 Patch 4 y otras builds, y versi\u00f3n 8.0; Client Server Messaging Security (CSM) versiones 3.5 y 3.6; y Worry-Free Business Security (WFBS) versi\u00f3n 5.0, de Trend Micro, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena larga en la propiedad Server, y posiblemente otras propiedades. NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-3364",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-30T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31277"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31440"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4061"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30407"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020569"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2220/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2220/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-08 18:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_suite_smb:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "8C9AAAD5-E973-41CB-B7FD-85D1EA04F6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:client-server_suite_smb:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "664CD81D-30AD-450B-A9FF-7C0FC61C938A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "068639F9-89E0-4B19-9E24-550087080419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4801FB64-FFC4-4167-9855-69EB8A424EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:as_400:*:*:*:*:*",
"matchCriteriaId": "CEEC709C-CE2F-435D-8595-3B7462F5D58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:s_390:*:*:*:*:*",
"matchCriteriaId": "416653F7-D8D5-4947-A097-8E1298DD0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "0416D605-20FC-4C87-8009-C240530A1B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "4FFD939A-C783-4A02-9859-B823A57F8A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "723E2C95-124F-422F-A241-AECA1D5E0D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:netware:*:*:*:*:*:*:*",
"matchCriteriaId": "2A63C770-365B-4EAF-AF4B-1B379F943DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.5:*:hp:*:*:*:*:*",
"matchCriteriaId": "9D2CAA96-4C71-482B-A033-E4AD0814C638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "0DEAD496-BB59-464D-9BBA-29158CF65C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "8767F042-4333-404A-B7D7-6830B6959890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:sun:*:*:*:*:*",
"matchCriteriaId": "C02396DD-CFBF-4019-8AC7-9C41821AF8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF73278-A5E9-4975-9C0B-DD9413A33FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.51_j:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F86817-D352-452E-B80F-1402C8A76372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:*:*:linux_5.1.1:*:*:*:*:*",
"matchCriteriaId": "0D03DBA4-3F2D-433A-8D17-01B4D7E16EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "4086086F-4F57-4E73-B473-FFF33CD23F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1E2358-2868-4D95-A783-0D7A591A691C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5_build_1183:*:*:*:*:*:*:*",
"matchCriteriaId": "E4587F87-E033-4636-9B61-18D1A7AA54D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:linux:*:*:*:*:*",
"matchCriteriaId": "7E8ADD8C-2E58-4671-BECF-B02A5DE04A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "4CD5D110-5FA3-4F6C-A727-06A73676EC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "CD824873-B625-4755-ADC9-C6657CD63208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "E4B9603D-79FE-4E7C-A9F9-E9A24FBBDF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "475CED59-77F7-4E6B-8DB6-EFFC7F8D5929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.1.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "29DA2B3D-D055-4328-8AD3-B5B407B17328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D948171A-3B54-462A-8B2E-2C0266A37E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9D4E2E-889B-4233-8887-9CF00A5023A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F35126E8-F926-4C0B-B37F-AFE78DD2526F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "106EB780-7455-41F7-ADB0-67C541F6C53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "A9EB55C4-00FB-4D2F-993D-27269F09CF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "D9AE5039-8467-48C2-8417-E7B18A48F0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.0_build_1182:*:*:*:*:*:*:*",
"matchCriteriaId": "DA820000-7608-4E3B-A05D-0C3CFC35227C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.0_build1166:*:*:*:*:*:*:*",
"matchCriteriaId": "20349641-1EAD-4401-996F-15C131574F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "82425C25-4464-4C69-A7C9-6B7369661E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA147F1-224C-4230-9831-5EB153748793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.7.0_build1190:*:*:*:*:*:*:*",
"matchCriteriaId": "E2417050-7F5A-4702-A6F5-DFEFE96CCD78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.8.0_build1130:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9F63FB-7B5F-49AF-BC84-B3250A08720A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "2F72A6DE-BA1B-4907-B19D-D71B172BB249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.81:*:linux:*:*:*:*:*",
"matchCriteriaId": "37ECAEF4-8A0D-4B90-8E4A-62BA72DAA702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:5.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "25D7EFC1-4053-46E9-9081-3BBAB0300C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:aix:*:*:*:*:*",
"matchCriteriaId": "8B678239-DD77-488C-82FE-27D6FC47B94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:linux_for_smb:*:*:*:*:*",
"matchCriteriaId": "071EDC78-C902-4D79-8CDF-F5DD30BF7027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:smb:*:*:*:*:*",
"matchCriteriaId": "55C6BD67-FE95-43A7-91F7-608DEC79C24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "29EDFC0F-687B-4B56-8910-67C6E3907483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows_nt_for_smb:*:*:*:*:*",
"matchCriteriaId": "5A694256-BD24-4EED-9833-B15DCA874F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F81C82F-4997-4D4E-981B-F1601A8AD281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3120FB-140A-458B-8926-7FE3593331FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B9239FE6-7FE3-4013-8E73-DE648F24EFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "12023885-3D72-4CE4-B60F-F91EEE0C9153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "0B132F48-3C0D-4DC9-9255-BB2D1CEBF855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:3.52_build1466:*:*:*:*:*:*:*",
"matchCriteriaId": "772DC29B-9C2C-4446-9352-6707E6B6F08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_for_windows_nt:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3079D9E-853D-46D3-92E8-E125CC800DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall_scan_engine:7.510.0-1002:*:*:*:*:*:*:*",
"matchCriteriaId": "D5ADC38A-3C58-42B3-9396-0D7B14EA0B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:*:*:linux:*:*:*:*:*",
"matchCriteriaId": "1DC6D16A-3D1C-4AA6-B039-BFF5BEE64693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:*:*:linux_1.0.0_ja:*:*:*:*:*",
"matchCriteriaId": "110A575E-761B-4DD7-B4BE-B9AD22C85213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:linux:*:*:*:*:*",
"matchCriteriaId": "1DCB7541-8145-47CA-9F4E-4A600CA454EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "DB8B2F17-7C2B-4782-9492-D967A2AD8B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "D1E65854-8869-41F7-BAFE-B7545FC98BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33920-9BC7-41BC-BB66-723D0BAF2839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A73B43D9-A721-4D48-A2D6-48A77355965F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F3645D-2B7D-44ED-83DE-ABF9016CD0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webprotect:gold:*:isa:*:*:*:*:*",
"matchCriteriaId": "921B617D-F37E-4D10-A627-09F9678790B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4013BF7E-DE8F-4941-BF15-D17C8C88DB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:4.5.0:*:microsof_sbs:*:*:*:*:*",
"matchCriteriaId": "11302ED5-C1AB-40D0-B019-A85C43E362D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.0:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "093EED07-F4C1-47B2-9D08-3DE0D57D5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.1.1:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "CBA9F2BA-1274-465C-B723-ABB54CA17FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60F5D9-35D0-4D0E-85D1-EE71E533622F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "6F37307A-7847-4D5A-99D8-8A4BE424CD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BF74A292-2B1B-43FC-AA82-CFB04D7644E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "925DA405-9719-452C-8369-D4A60CC916C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "46575AE8-8718-44D8-AF5C-14F7981B3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "F893D171-7AB3-4422-BA86-021B0211EE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE87037-D7CC-480B-BBD2-F1802294D4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB43A95-60F8-425A-8434-C07EC799DC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567D7B70-7FE7-4C4F-8D09-C72E28F04FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDE85D-4C4B-42D0-BF64-11E880168A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBAA86F-8DE4-4BC8-B295-89CF981C28D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9994E64C-0E8C-4A9C-A321-6A73A16E33AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "A65282E0-2332-4CAA-9BA9-3794C2CDE960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "E56D571B-649D-41E2-A502-6C1EBAB73F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "E455A061-A34B-4AB7-88C7-222DB08BED08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB1055E-31AA-44DE-A74C-8678A0C268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security:14_14.00.1485:*:*:*:*:*:*:*",
"matchCriteriaId": "408D7C07-D6CF-4722-AB74-70DE7C114FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2005_12.0.0_0_build_1244:*:*:*:*:*:*:*",
"matchCriteriaId": "26DA917A-B842-40E7-B3A1-8546ADBB401C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2006_14.10.0.1023:*:*:*:*:*:*:*",
"matchCriteriaId": "83C3D9AE-690A-4ACE-B6A2-E83F1B7C5507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "F945B425-D79F-4B5F-A588-5DCDCFB87B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D237983-725B-43B5-B733-D25397A846C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:portalprotect:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C991F564-93D1-4E63-8B71-B0C9CD9BECA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:portalprotect:1.2:*:sharepoint:*:*:*:*:*",
"matchCriteriaId": "1F34805C-1602-45F7-8C03-D585D2F44594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71DAD29C-23D7-45C0-8B1B-AD9CD260EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:2.6:*:domino:*:*:*:*:*",
"matchCriteriaId": "195D657C-4A4B-4832-B1A6-056FB990401E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:2.51:*:domino:*:*:*:*:*",
"matchCriteriaId": "929BCF43-AC3A-43D0-8819-7673996D216D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:3.8:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "3BFF861D-F544-4902-A958-BE566FB85738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:3.81:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "3B282BE2-8116-48A7-B6D6-544983FF72C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:6.1:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C81AFD13-0883-48F5-BD6B-707CFFE07262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_aix:*:*:*:*:*",
"matchCriteriaId": "B4963C96-FA13-4E54-8EE3-8E169CACBF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_as_400:*:*:*:*:*",
"matchCriteriaId": "C3E0300A-27F7-47C1-B725-55FF0BE92FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_s_390:*:*:*:*:*",
"matchCriteriaId": "FF365F03-F95C-4047-BBA4-42EBD02E823B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_solaris:*:*:*:*:*",
"matchCriteriaId": "A2042D38-CF77-4149-9289-B3380F59D794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_windows:*:*:*:*:*",
"matchCriteriaId": "D275C0DB-E942-4EB9-B6AA-3112C1A697DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail_emanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CE79B6-B9E8-4775-B7BF-90C2758EECE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanning_engine:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB5BDA1-06D4-49B9-99CD-F8B67A5EB895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38695C1D-DC51-45EB-9EEB-6E04490AFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7ACC41-E475-4770-B446-4B41EE008A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7E0AA8-220E-4E20-9FF0-95C22664AFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:windows:*:*:*:*:*",
"matchCriteriaId": "5E2F6774-B29F-47E6-8E50-8CF4D9AB3EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:linux:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB7A187-75F5-41B5-A6A9-2C28AC5F0F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:linux_1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42A4608B-A7E7-4217-8F88-C12E9DEC9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:novell_netware:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1B8E24-4A28-4110-8DF4-72A5D19FAEAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:windows:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0BE038-C7F1-45FE-BE54-3D4245B3F060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:viruswall:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABCB699-614A-45A5-B906-7650BB32EA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:web_security_suite:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96D764CC-3574-4D95-8EA2-2C02F36EF133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:webprotect:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21F178A5-CEAF-407F-BDE1-2328A4B959A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versi\u00f3n 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un ejecutable comprimido UPX malformado."
}
],
"evaluatorImpact": "Failed exploit attempts will likely cause a denial-of-service condition.",
"id": "CVE-2007-0851",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-08T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2377366274/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33038"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24087"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24128"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017601"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017602"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017603"
},
{
"source": "cve@mitre.org",
"url": "http://www.jpcert.or.jp/at/2007/at070004.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/276432"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/22449"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0569"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2377366274/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.jpcert.or.jp/at/2007/at070004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/276432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/22449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C374395B-80B1-4FBA-88F6-1C155900E4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*",
"matchCriteriaId": "F794E937-C7EC-423B-AF79-F7C214114BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
},
{
"lang": "es",
"value": "El servicio Trend Micro Personal Firewall (tambi\u00e9n conocido como TmPfw.exe) en los m\u00f3dulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protecci\u00f3n de la contrase\u00f1a del lado del cliente implementada en la configuraci\u00f3n GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que env\u00eda paquetes manipulados."
}
],
"id": "CVE-2008-3866",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-21T20:30:00.233",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-43/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021616"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021617"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-43/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2025-04-09 00:30
Severity ?
Summary
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 6.0 | |
| trend_micro | officescan | corporate_6.5 | |
| trend_micro | officescan | corporate_7.0 | |
| trend_micro | officescan | corporate_7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "477D3144-648E-4003-835F-87F63F9248F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB43A95-60F8-425A-8434-C07EC799DC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567D7B70-7FE7-4C4F-8D09-C72E28F04FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDE85D-4C4B-42D0-BF64-11E880168A83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program."
},
{
"lang": "es",
"value": "Trend Micro OfficeScan 6.0 en Client/Server/Messaging (CSM) Suite para SMB 2.0 anetrior a 6.0.0.1385, y OfficeScan Corporate Edition (OSCE) 6.5 anterior a 6.5.0.1418, 7.0 anterior a 7.0.0.1257, y 7.3 anterior a 7.3.0.1053 permite a atacantes remotos borrar archivos mediante un par\u00e1metro de nombre de archivo (filename) modificado en una petici\u00f3n HTTP determinada que invoca al programa CGI de OfficeScan."
}
],
"id": "CVE-2006-5212",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-10T04:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22156"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20330"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3882"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-30 14:34
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.0_engine_7.510.1002 | |
| trend_micro | pc-cillin_2005 | 12.0.1244_engine_7.510.1002 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.0_engine_7.510.1002:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3CAF81-213C-4F6B-A616-28CE1760CE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin_2005:12.0.1244_engine_7.510.1002:*:*:*:*:*:*:*",
"matchCriteriaId": "5410A1D5-55CF-404A-A954-C2540DE00AAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
],
"id": "CVE-2005-3379",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-10-30T14:34:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=113026417802703\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityelf.org/updmagic.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/415173"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=113026417802703\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityelf.org/updmagic.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/415173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15189"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-18 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | pc-cillin | 2000 | |
| trend_micro | pc-cillin | 2002 | |
| trend_micro | pc-cillin | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9994E64C-0E8C-4A9C-A321-6A73A16E33AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "A65282E0-2332-4CAA-9BA9-3794C2CDE960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "E56D571B-649D-41E2-A502-6C1EBAB73F62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3)."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en pop3trap.exe en PC-cillin 2000, 2002, y 2003 permite a usuarios locales la ejecuci\u00f3n arbitraria de c\u00f3digo mediante una cadena de caracteres larga de entrada en el puerto TCP 110 (POP3)."
}
],
"id": "CVE-2002-1349",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103953822705917\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/157961"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6350"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.texonet.com/advisories/TEXONET-20021210.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103953822705917\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/157961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.texonet.com/advisories/TEXONET-20021210.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2025-04-09 00:30
Severity ?
Summary
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FCFB646-3649-454D-8492-1640D98ED0C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""
},
{
"lang": "es",
"value": "El m\u00f3dulo CGI en el servidor en Trend Micro OfficeScan v8.0 SP1 versiones anteriores a build 2439 y v8.0 SP1 Patch 1 versiones anteriores a build 3087 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero de referencia NULL y ca\u00edda del proceso hijo) a trav\u00e9s de cabeceras HTTP manipuladas, relacionado con \"mecanismo de manejo de errores\"."
}
],
"id": "CVE-2008-4403",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-03T15:07:10.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.1.1 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.54 | |
| trend_micro | virus_buster | 3.52 | |
| trend_micro | virus_buster | 3.53 | |
| trend_micro | virus_buster | 3.54 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4013BF7E-DE8F-4941-BF15-D17C8C88DB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "6D89F5A6-CF62-4EB2-AD75-0AF4FDA279B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "FCE38732-A854-4B45-9F08-0356AB8A2FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*",
"matchCriteriaId": "B0CB2406-0DDD-4653-94BC-7474B4E298DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "CA0852D4-5A87-41E7-A924-8EB4D6827DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*",
"matchCriteriaId": "BECFA7BB-E0EA-41E9-BE6F-7FD6751D0E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "439E4F94-C5E6-4E26-83DC-CECE166CB298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A37C9CBC-DC20-40B5-9713-C823935ECA1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "0935C827-9E24-4DB2-B694-BB233F6693F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*",
"matchCriteriaId": "BD6B7257-8D78-4EED-8E92-2FF807018E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*",
"matchCriteriaId": "951A2994-54C5-401D-9254-0E814A4B8538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*",
"matchCriteriaId": "AA8EF8C3-D6B3-4037-BE06-85196EC150F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*",
"matchCriteriaId": "49591281-E68C-4F97-AC98-73BB1B5A0A40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe."
}
],
"id": "CVE-2003-1341",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"source": "cve@mitre.org",
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/7881"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6181"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/6616"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/7881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/6616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.11 | |
| trend_micro | officescan | corporate_3.13 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | officescan | corporate_5.5 | |
| trend_micro | officescan | corporate_5.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4013BF7E-DE8F-4941-BF15-D17C8C88DB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60F5D9-35D0-4D0E-85D1-EE71E533622F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BF74A292-2B1B-43FC-AA82-CFB04D7644E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "46575AE8-8718-44D8-AF5C-14F7981B3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE87037-D7CC-480B-BBD2-F1802294D4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges."
}
],
"id": "CVE-2004-2430",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11806"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/6840"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10503"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/6840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FCFB646-3649-454D-8492-1640D98ED0C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en los m\u00f3dulos CGI el servidor de Trend Micro OfficeScan v8.0 SP1 anterior a la b2439 y v8.0 SP1 Patch 1 anterior a b3087, permite a atacantes remotos ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-4402",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-03T15:07:10.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-10-15 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.53 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "C5FF32ED-84C2-4A22-BA4D-2436B96A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "924B6C34-036E-4A3E-A5CA-219D06379A1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password."
}
],
"id": "CVE-2001-1151",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-10-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/220666"
},
{
"source": "cve@mitre.org",
"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/220666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-08-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/210087 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/210087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | virus_buster | corporate_3.52 | |
| trend_micro | virus_buster | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.54 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60F5D9-35D0-4D0E-85D1-EE71E533622F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:corporate_3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3D6BED-09E4-48AD-9AF8-59FFE9241E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "924B6C34-036E-4A3E-A5CA-219D06379A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:virus_buster:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D76FA9-4C35-4D33-A4AC-BAACC16335B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files."
}
],
"id": "CVE-2001-1150",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-08-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/7014.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/209375"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/210087"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/7014.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/209375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/210087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3216"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-23 22:00
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el programa CGI en el servidor de Trend Micro OfficeScan 7.3 Patch 4 build 1367 y otras compilaciones anteriores a 1374, y 8.0 SP1 Patch 1 compilaciones anteriores a 3110, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de peticiones HTTP POST que contienen datos de formulario manipulados, relacionado con el \"parseado de peticiones CGI\"."
}
],
"id": "CVE-2008-3862",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-23T22:00:01.230",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32005"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-40/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/4489"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/31859"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021093"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/2892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-40/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2892"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59CDE5D7-3DEC-42DE-8B5A-63903754937B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients."
}
],
"id": "CVE-2000-0205",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-16 22:00
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | client-server-messaging_security | 2.0 | |
| trend_micro | client-server-messaging_security | 3.0 | |
| trend_micro | client-server-messaging_security | 3.5 | |
| trend_micro | client-server-messaging_security | 3.6 | |
| trend_micro | officescan | 7.0 | |
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5608EC01-6625-4B55-BB2F-7EDD2A2C5F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C7AAB1-847F-41AC-8324-3B96ACDF42C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F900AA-550D-4D41-8777-B470EF8E5235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_security:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "241286A4-320A-4F3A-B5B2-2C19BBDFCC4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4D4F2B-4B34-42DA-A23A-16490F19EF53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:patch_4:*:*:*:*:*:*",
"matchCriteriaId": "9788F679-89C2-4228-BD38-283C03D3E415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A70AB-32D4-4948-94B2-DCFED9155DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en cgiRecvFile.exe en Trend Micro OfficeScan 7.3 patch 4 build 1362 y otras, OfficeScan 8.0 y 8.0 SP1, y Client Server Messaging Security 3.6, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de peticiones HTTP que contienen un par\u00e1metro largo \"ComputerName\"."
}
],
"id": "CVE-2008-2437",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-16T22:00:00.710",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31342"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-35/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/4263"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/496281/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31139"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1020860"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/2555"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-35/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496281/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-05-07 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.11 | |
| trend_micro | officescan | corporate_3.13 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | officescan | corporate_5.02 | |
| trend_micro | officescan | corporate_5.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4013BF7E-DE8F-4941-BF15-D17C8C88DB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60F5D9-35D0-4D0E-85D1-EE71E533622F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BF74A292-2B1B-43FC-AA82-CFB04D7644E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "46575AE8-8718-44D8-AF5C-14F7981B3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE87037-D7CC-480B-BBD2-F1802294D4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection."
}
],
"id": "CVE-2004-2006",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-05-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108395366909344\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11576"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5990"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10300"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108395366909344\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-30 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe para el Trend Micro OfficeScan 7.3 anterior a la versi\u00f3n 7.3.0.1089, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2006-6179",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-30T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4852"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-28 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59CDE5D7-3DEC-42DE-8B5A-63903754937B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%."
}
],
"id": "CVE-2000-0204",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-02-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-11 17:28
Modified
2025-04-09 00:30
Severity ?
Summary
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | pc_cillin_-_internet_security_2006 | * | |
| trend_micro | serverprotect | 5.58 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D237983-725B-43B5-B733-D25397A846C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*",
"matchCriteriaId": "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."
},
{
"lang": "es",
"value": "El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU y cuelgue de aplicaci\u00f3n) mediante un archivo RAR mal formado con una secci\u00f3n Cabecera de Archivo con lo campos head_size (tama\u00f1o de cabecera) y pack_size (tama\u00f1o de paquete) puestos a cero, lo cual dispara un bucle infinito."
}
],
"id": "CVE-2006-6458",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-11T17:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23321"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4918"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:client-server-messaging_suite_smb:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "8C9AAAD5-E973-41CB-B7FD-85D1EA04F6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:client-server_suite_smb:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "664CD81D-30AD-450B-A9FF-7C0FC61C938A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:as_400:*:*:*:*:*",
"matchCriteriaId": "CEEC709C-CE2F-435D-8595-3B7462F5D58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:s_390:*:*:*:*:*",
"matchCriteriaId": "416653F7-D8D5-4947-A097-8E1298DD0FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "0416D605-20FC-4C87-8009-C240530A1B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "4FFD939A-C783-4A02-9859-B823A57F8A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:gold:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "723E2C95-124F-422F-A241-AECA1D5E0D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:control_manager:netware:*:*:*:*:*:*:*",
"matchCriteriaId": "2A63C770-365B-4EAF-AF4B-1B379F943DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.5:*:hp:*:*:*:*:*",
"matchCriteriaId": "9D2CAA96-4C71-482B-A033-E4AD0814C638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "0DEAD496-BB59-464D-9BBA-29158CF65C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "8767F042-4333-404A-B7D7-6830B6959890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.6:*:sun:*:*:*:*:*",
"matchCriteriaId": "C02396DD-CFBF-4019-8AC7-9C41821AF8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF73278-A5E9-4975-9C0B-DD9413A33FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_emanager:3.51_j:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F86817-D352-452E-B80F-1402C8A76372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "4086086F-4F57-4E73-B473-FFF33CD23F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1E2358-2868-4D95-A783-0D7A591A691C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:linux:*:*:*:*:*",
"matchCriteriaId": "7E8ADD8C-2E58-4671-BECF-B02A5DE04A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "4CD5D110-5FA3-4F6C-A727-06A73676EC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_messaging_security_suite:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "CD824873-B625-4755-ADC9-C6657CD63208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "E4B9603D-79FE-4E7C-A9F9-E9A24FBBDF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.0.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "475CED59-77F7-4E6B-8DB6-EFFC7F8D5929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "75734296-9435-4A96-B30C-572BF1BBAD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.5:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "61C0968D-D8F1-450C-B4E9-94535B4CF637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "106EB780-7455-41F7-ADB0-67C541F6C53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "A9EB55C4-00FB-4D2F-993D-27269F09CF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:unix:*:*:*:*:*",
"matchCriteriaId": "1D8580C2-B757-4C4C-A9B6-960905101E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "D9AE5039-8467-48C2-8417-E7B18A48F0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.6.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "82425C25-4464-4C69-A7C9-6B7369661E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.51:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "15B05F1A-7AA1-46E5-947B-C422F9618F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.52:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "EB4F32FC-8391-4B3B-AA42-07E392053A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:3.52_build1466:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "1BF5CF24-83B8-4AC3-A849-C56979CB38DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:5.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "25D7EFC1-4053-46E9-9081-3BBAB0300C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:aix:*:*:*:*:*",
"matchCriteriaId": "8B678239-DD77-488C-82FE-27D6FC47B94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:linux_for_smb:*:*:*:*:*",
"matchCriteriaId": "071EDC78-C902-4D79-8CDF-F5DD30BF7027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:smb:*:*:*:*:*",
"matchCriteriaId": "55C6BD67-FE95-43A7-91F7-608DEC79C24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "29EDFC0F-687B-4B56-8910-67C6E3907483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_viruswall:gold:*:windows_nt_for_smb:*:*:*:*:*",
"matchCriteriaId": "5A694256-BD24-4EED-9833-B15DCA874F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:linux:*:*:*:*:*",
"matchCriteriaId": "1DCB7541-8145-47CA-9F4E-4A600CA454EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:solaris:*:*:*:*:*",
"matchCriteriaId": "DB8B2F17-7C2B-4782-9492-D967A2AD8B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_web_security_suite:gold:*:windows:*:*:*:*:*",
"matchCriteriaId": "D1E65854-8869-41F7-BAFE-B7545FC98BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C33920-9BC7-41BC-BB66-723D0BAF2839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A73B43D9-A721-4D48-A2D6-48A77355965F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webmanager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F3645D-2B7D-44ED-83DE-ABF9016CD0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:interscan_webprotect:gold:*:isa:*:*:*:*:*",
"matchCriteriaId": "921B617D-F37E-4D10-A627-09F9678790B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4013BF7E-DE8F-4941-BF15-D17C8C88DB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.0:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "093EED07-F4C1-47B2-9D08-3DE0D57D5CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.1.1:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "CBA9F2BA-1274-465C-B723-ABB54CA17FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE60F5D9-35D0-4D0E-85D1-EE71E533622F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "6F37307A-7847-4D5A-99D8-8A4BE424CD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BF74A292-2B1B-43FC-AA82-CFB04D7644E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.11:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "925DA405-9719-452C-8369-D4A60CC916C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "46575AE8-8718-44D8-AF5C-14F7981B3238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.13:*:windows_nt_server:*:*:*:*:*",
"matchCriteriaId": "F893D171-7AB3-4422-BA86-021B0211EE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CE3BB4-54BA-48DE-9CFC-C2241D99DA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F25D89-826B-4FA0-AA8F-CD729F00F9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_5.58:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE87037-D7CC-480B-BBD2-F1802294D4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB43A95-60F8-425A-8434-C07EC799DC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBAA86F-8DE4-4BC8-B295-89CF981C28D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2000:*:*:*:*:*:*:*",
"matchCriteriaId": "9994E64C-0E8C-4A9C-A321-6A73A16E33AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "A65282E0-2332-4CAA-9BA9-3794C2CDE960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:pc-cillin:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "E56D571B-649D-41E2-A502-6C1EBAB73F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:portalprotect:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C991F564-93D1-4E63-8B71-B0C9CD9BECA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:2.6:*:domino:*:*:*:*:*",
"matchCriteriaId": "195D657C-4A4B-4832-B1A6-056FB990401E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:2.51:*:domino:*:*:*:*:*",
"matchCriteriaId": "929BCF43-AC3A-43D0-8819-7673996D216D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:3.8:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "3BFF861D-F544-4902-A958-BE566FB85738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:3.81:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "3B282BE2-8116-48A7-B6D6-544983FF72C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:6.1:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C81AFD13-0883-48F5-BD6B-707CFFE07262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_aix:*:*:*:*:*",
"matchCriteriaId": "B4963C96-FA13-4E54-8EE3-8E169CACBF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_as_400:*:*:*:*:*",
"matchCriteriaId": "C3E0300A-27F7-47C1-B725-55FF0BE92FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_s_390:*:*:*:*:*",
"matchCriteriaId": "FF365F03-F95C-4047-BBA4-42EBD02E823B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_solaris:*:*:*:*:*",
"matchCriteriaId": "A2042D38-CF77-4149-9289-B3380F59D794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail:gold:*:lotus_domino_on_windows:*:*:*:*:*",
"matchCriteriaId": "D275C0DB-E942-4EB9-B6AA-3112C1A697DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:scanmail_emanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CE79B6-B9E8-4775-B7BF-90C2758EECE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "FB28FE16-F163-4287-9A4E-843C2E67792E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:1.25_2007-02-16:*:linux:*:*:*:*:*",
"matchCriteriaId": "6E8704FA-AA3C-4664-A5AA-50F60AE77642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:2.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "BEDB64E2-6157-47C1-842E-26A40A885ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38695C1D-DC51-45EB-9EEB-6E04490AFE6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure."
}
],
"id": "CVE-2005-0533",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14396"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013289"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013290"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12643"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/189"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-21 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | internet_security_2007 | * | |
| trend_micro | internet_security_2008 | 17.0.1224 | |
| trend_micro | officescan | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C374395B-80B1-4FBA-88F6-1C155900E4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*",
"matchCriteriaId": "F794E937-C7EC-423B-AF79-F7C214114BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
},
{
"lang": "es",
"value": "La funci\u00f3n ApiThread en el servicio de cortafuegos (tambi\u00e9n conocido como TmPfw.exe) en los m\u00f3dulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegaci\u00f3n de sevicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete con un valor grande en un campo de tama\u00f1o no especificado."
}
],
"id": "CVE-2008-3864",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-21T20:30:00.187",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/4937"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021614"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | officescan | 8.0 | |
| trend_micro | worry_free_business_security | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9A220318-78FB-4D3B-968D-7B0BF3BB1969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:officescan:8.0:sp1_patch1:*:*:*:*:*:*",
"matchCriteriaId": "8FCFB646-3649-454D-8492-1640D98ED0C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trend_micro:worry_free_business_security:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB06F18F-DE90-43FE-8B23-AC2784BBB2C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n UpdateAgent en TmListen.exe en el servicio OfficeScanNT Listener del cliente de Trend Micro OfficeScan v7.3 Patch 4 build v1367 y otros builds versiones anteriores a v1372, OfficeScan 8.0 SP1 versiones anteriores a build v1222, OfficeScan 8.0 SP1 Patch 1 versiones anteriores a build 3087, y Worry-Free Business Security 5.0 versiones anteriores a build v1220 permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en una petici\u00f3n HTTP.\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la informaci\u00f3n de terceros.\r\n"
}
],
"id": "CVE-2008-2439",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-03T15:07:10.633",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31343"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-39/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1020975"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/2711"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-39/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-02-28 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59CDE5D7-3DEC-42DE-8B5A-63903754937B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345."
}
],
"id": "CVE-2000-0203",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-02-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-24 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C563A4F9-14B8-481C-9C52-1483C8D507BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe."
}
],
"id": "CVE-2006-1381",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-24T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11576"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1041"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-30 23:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe para Trend Micro OfficeScan 7.3 anterior a build 7.3.0.1087 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores de ataque no especificados."
}
],
"id": "CVE-2006-6178",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-30T23:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4852"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-05 04:04
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:officescan:corporate_7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78CDE85D-4C4B-42D0-BF64-11E880168A83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console\u0027s Remote Client Install name search\"."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en el control ActiveX (ATXCONSOLE.OCX) en TrendMicro OfficeScan Corporate Edition (OSCE) anterior a 7.3 Patch 1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante identificadores de cadena de formato en el \"Management Console\u0027s Remote Client Install name search\"."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product patch:\r\nTrend Micro, OfficeScan, Corporate 7.3 Patch 1",
"id": "CVE-2006-5157",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-05T04:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22224"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1682"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016963"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/788860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.layereddefense.com/TREND01OCT.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20284"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3870"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/788860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.layereddefense.com/TREND01OCT.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-0851 (GCVE-0-2007-0851)
Vulnerability from cvelistv5
Published
2007-02-08 18:00
Modified
2024-08-07 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017601"
},
{
"name": "22449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289"
},
{
"name": "1017603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jpcert.or.jp/at/2007/at070004.txt"
},
{
"name": "24087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24087"
},
{
"name": "33038",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33038"
},
{
"name": "ADV-2007-0522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0522"
},
{
"name": "JVN#77366274",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2377366274/index.html"
},
{
"name": "VU#276432",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/276432"
},
{
"name": "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470"
},
{
"name": "antivirus-upx-bo(32352)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352"
},
{
"name": "ADV-2007-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0569"
},
{
"name": "1017602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017602"
},
{
"name": "24128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017601"
},
{
"name": "22449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289"
},
{
"name": "1017603",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jpcert.or.jp/at/2007/at070004.txt"
},
{
"name": "24087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24087"
},
{
"name": "33038",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33038"
},
{
"name": "ADV-2007-0522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0522"
},
{
"name": "JVN#77366274",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2377366274/index.html"
},
{
"name": "VU#276432",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/276432"
},
{
"name": "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470"
},
{
"name": "antivirus-upx-bo(32352)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352"
},
{
"name": "ADV-2007-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0569"
},
{
"name": "1017602",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017602"
},
{
"name": "24128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017601"
},
{
"name": "22449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22449"
},
{
"name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289",
"refsource": "CONFIRM",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289"
},
{
"name": "1017603",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017603"
},
{
"name": "http://www.jpcert.or.jp/at/2007/at070004.txt",
"refsource": "MISC",
"url": "http://www.jpcert.or.jp/at/2007/at070004.txt"
},
{
"name": "24087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24087"
},
{
"name": "33038",
"refsource": "OSVDB",
"url": "http://osvdb.org/33038"
},
{
"name": "ADV-2007-0522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0522"
},
{
"name": "JVN#77366274",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2377366274/index.html"
},
{
"name": "VU#276432",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/276432"
},
{
"name": "20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470"
},
{
"name": "antivirus-upx-bo(32352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32352"
},
{
"name": "ADV-2007-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0569"
},
{
"name": "1017602",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017602"
},
{
"name": "24128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0851",
"datePublished": "2007-02-08T18:00:00",
"dateReserved": "2007-02-08T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3865 (GCVE-0-2008-3865)
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-bo(48107)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "1021615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-bo(48107)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"name": "http://secunia.com/secunia_research/2008-42/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-bo(48107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3865",
"datePublished": "2009-01-21T20:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1341 (GCVE-0-2003-1341)
Vulnerability from cvelistv5
Published
2007-10-14 19:00
Modified
2024-08-08 02:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6181"
},
{
"name": "7881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/7881"
},
{
"name": "officescan-cgichkmasterpwd-auth-bypass(11059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353"
},
{
"name": "20030114 Assorted Trend Vulns Rev 2.0",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"name": "6616",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6181"
},
{
"name": "7881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/7881"
},
{
"name": "officescan-cgichkmasterpwd-auth-bypass(11059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353"
},
{
"name": "20030114 Assorted Trend Vulns Rev 2.0",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"name": "6616",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6181",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6181"
},
{
"name": "7881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7881"
},
{
"name": "officescan-cgichkmasterpwd-auth-bypass(11059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059"
},
{
"name": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353",
"refsource": "CONFIRM",
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353"
},
{
"name": "20030114 Assorted Trend Vulns Rev 2.0",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"name": "6616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1341",
"datePublished": "2007-10-14T19:00:00",
"dateReserved": "2007-10-14T00:00:00",
"dateUpdated": "2024-08-08T02:28:02.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2006 (GCVE-0-2004-2006)
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040507 Security issue with Trend OfficeScan Corporate Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108395366909344\u0026w=2"
},
{
"name": "10300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10300"
},
{
"name": "officescan-configuration-modify(16092)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092"
},
{
"name": "11576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11576"
},
{
"name": "5990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040507 Security issue with Trend OfficeScan Corporate Edition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108395366909344\u0026w=2"
},
{
"name": "10300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10300"
},
{
"name": "officescan-configuration-modify(16092)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092"
},
{
"name": "11576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11576"
},
{
"name": "5990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan 3.0 - 6.0 has default permissions of \"Everyone Full Control\" on the installation directory and registry keys, which allows local users to disable virus protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040507 Security issue with Trend OfficeScan Corporate Edition",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108395366909344\u0026w=2"
},
{
"name": "10300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10300"
},
{
"name": "officescan-configuration-modify(16092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16092"
},
{
"name": "11576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11576"
},
{
"name": "5990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2006",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2437 (GCVE-0-2008-2437)
Vulnerability from cvelistv5
Published
2008-09-16 22:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt"
},
{
"name": "4263",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4263"
},
{
"name": "ADV-2008-2555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2555"
},
{
"name": "trendmicro-cgirecvfile-bo(45072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072"
},
{
"name": "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496281/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt"
},
{
"name": "31342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31342"
},
{
"name": "31139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-35/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt"
},
{
"name": "1020860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt"
},
{
"name": "4263",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4263"
},
{
"name": "ADV-2008-2555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2555"
},
{
"name": "trendmicro-cgirecvfile-bo(45072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072"
},
{
"name": "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496281/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt"
},
{
"name": "31342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31342"
},
{
"name": "31139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-35/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt"
},
{
"name": "1020860",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-2437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060_readme.txt"
},
{
"name": "4263",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4263"
},
{
"name": "ADV-2008-2555",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2555"
},
{
"name": "trendmicro-cgirecvfile-bo(45072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45072"
},
{
"name": "20080912 Secunia Research: Trend Micro OfficeScan \"cgiRecvFile.exe\" Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496281/100/0/threaded"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt"
},
{
"name": "31342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31342"
},
{
"name": "31139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31139"
},
{
"name": "http://secunia.com/secunia_research/2008-35/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-35/"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_Win_EN_CriticalPatch_B1361_readme.txt"
},
{
"name": "1020860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-2437",
"datePublished": "2008-09-16T22:00:00",
"dateReserved": "2008-05-27T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4402 (GCVE-0-2008-4402)
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "trendmicro-officescan-cgi-dos(45608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "trendmicro-officescan-cgi-dos(45608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "trendmicro-officescan-cgi-dos(45608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
},
{
"name": "32097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4402",
"datePublished": "2008-10-03T15:00:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2430 (GCVE-0-2004-2430)
Vulnerability from cvelistv5
Published
2005-08-18 04:00
Modified
2024-08-08 01:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6840"
},
{
"name": "10503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10503"
},
{
"name": "officescan-service-gain-privileges(16375)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375"
},
{
"name": "20040609 Trend Officescan local privilege escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html"
},
{
"name": "11806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11806"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6840"
},
{
"name": "10503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10503"
},
{
"name": "officescan-service-gain-privileges(16375)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375"
},
{
"name": "20040609 Trend Officescan local privilege escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html"
},
{
"name": "11806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11806"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6840"
},
{
"name": "10503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10503"
},
{
"name": "officescan-service-gain-privileges(16375)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16375"
},
{
"name": "20040609 Trend Officescan local privilege escalation",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html"
},
{
"name": "11806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11806"
},
{
"name": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118",
"refsource": "CONFIRM",
"url": "http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2430",
"datePublished": "2005-08-18T04:00:00",
"dateReserved": "2005-08-18T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5212 (GCVE-0-2006-5212)
Vulnerability from cvelistv5
Published
2006-10-09 21:00
Modified
2024-08-07 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"name": "ADV-2006-3882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3882"
},
{
"name": "22156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"name": "ADV-2006-3882",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3882"
},
{
"name": "22156",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20330"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"name": "ADV-2006-3882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3882"
},
{
"name": "22156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22156"
},
{
"name": "http://www.trendmicro.com/download/product.asp?productid=5",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5212",
"datePublished": "2006-10-09T21:00:00",
"dateReserved": "2006-10-09T00:00:00",
"dateUpdated": "2024-08-07T19:41:04.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0533 (GCVE-0-2005-0533)
Vulnerability from cvelistv5
Published
2005-02-24 05:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"name": "1013290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013290"
},
{
"name": "1013289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013289"
},
{
"name": "20050224 Trend Micro AntiVirus Library Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/189"
},
{
"name": "14396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14396"
},
{
"name": "12643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-02-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"name": "1013290",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013290"
},
{
"name": "1013289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013289"
},
{
"name": "20050224 Trend Micro AntiVirus Library Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/189"
},
{
"name": "14396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14396"
},
{
"name": "12643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution"
},
{
"name": "1013290",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013290"
},
{
"name": "1013289",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013289"
},
{
"name": "20050224 Trend Micro AntiVirus Library Heap Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/189"
},
{
"name": "14396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14396"
},
{
"name": "12643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0533",
"datePublished": "2005-02-24T05:00:00",
"dateReserved": "2005-02-24T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3379 (GCVE-0-2005-3379)
Vulnerability from cvelistv5
Published
2005-10-29 19:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"name": "20051029 Trend Micro\u0027s Response to the Magic Byte Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/415173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026417802703\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityelf.org/updmagic.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"name": "20051029 Trend Micro\u0027s Response to the Magic Byte Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/415173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113026417802703\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityelf.org/updmagic.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15189"
},
{
"name": "http://www.securityelf.org/magicbyte.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"name": "20051029 Trend Micro\u0027s Response to the Magic Byte Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415173"
},
{
"name": "http://www.securityelf.org/magicbyteadv.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113026417802703\u0026w=2"
},
{
"name": "http://www.securityelf.org/updmagic.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/updmagic.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3379",
"datePublished": "2005-10-29T19:00:00",
"dateReserved": "2005-10-29T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3364 (GCVE-0-2008-3364)
Vulnerability from cvelistv5
Published
2008-07-30 16:03
Modified
2024-08-07 09:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31440"
},
{
"name": "ADV-2008-2220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2220/references"
},
{
"name": "30407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30407"
},
{
"name": "31277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31277"
},
{
"name": "trendmicro-officescan-objremovectrl-bo(44042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042"
},
{
"name": "1020569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020569"
},
{
"name": "6152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899"
},
{
"name": "4061",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31440"
},
{
"name": "ADV-2008-2220",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2220/references"
},
{
"name": "30407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30407"
},
{
"name": "31277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31277"
},
{
"name": "trendmicro-officescan-objremovectrl-bo(44042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042"
},
{
"name": "1020569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020569"
},
{
"name": "6152",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899"
},
{
"name": "4061",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31440"
},
{
"name": "ADV-2008-2220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2220/references"
},
{
"name": "30407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30407"
},
{
"name": "31277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31277"
},
{
"name": "trendmicro-officescan-objremovectrl-bo(44042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44042"
},
{
"name": "1020569",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020569"
},
{
"name": "6152",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6152"
},
{
"name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899",
"refsource": "CONFIRM",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899\u0026id=EN-1037899"
},
{
"name": "4061",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3364",
"datePublished": "2008-07-30T16:03:00",
"dateReserved": "2008-07-30T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3864 (GCVE-0-2008-3864)
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-dos(48106)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "1021615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-dos(48106)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"name": "http://secunia.com/secunia_research/2008-42/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-dos(48106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3864",
"datePublished": "2009-01-21T20:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6179 (GCVE-0-2006-6179)
Vulnerability from cvelistv5
Published
2006-11-30 23:00
Modified
2024-08-07 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:34.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt"
},
{
"name": "21442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-08T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt"
},
{
"name": "21442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"name": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt",
"refsource": "MISC",
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt"
},
{
"name": "21442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753",
"refsource": "CONFIRM",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6179",
"datePublished": "2006-11-30T23:00:00",
"dateReserved": "2006-11-30T00:00:00",
"dateUpdated": "2024-08-07T20:19:34.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1151 (GCVE-0-2001-1151)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318"
},
{
"name": "officescan-config-file-access(7286)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286"
},
{
"name": "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/220666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318"
},
{
"name": "officescan-config-file-access(7286)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286"
},
{
"name": "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/220666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318",
"refsource": "MISC",
"url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318"
},
{
"name": "officescan-config-file-access(7286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286"
},
{
"name": "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/220666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1151",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0205 (GCVE-0-2000-0205)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com"
},
{
"name": "http://www.antivirus.com/download/ofce_patch_35.htm",
"refsource": "MISC",
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0205",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "2000-03-22T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6178 (GCVE-0-2006-6178)
Vulnerability from cvelistv5
Published
2006-11-30 23:00
Modified
2024-08-07 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt"
},
{
"name": "21442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-08T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt"
},
{
"name": "21442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4852"
},
{
"name": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt",
"refsource": "MISC",
"url": "http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt"
},
{
"name": "21442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21442"
},
{
"name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702",
"refsource": "CONFIRM",
"url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6178",
"datePublished": "2006-11-30T23:00:00",
"dateReserved": "2006-11-30T00:00:00",
"dateUpdated": "2024-08-07T20:19:35.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3862 (GCVE-0-2008-3862)
Vulnerability from cvelistv5
Published
2008-10-23 21:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt"
},
{
"name": "32005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32005"
},
{
"name": "4489",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4489"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-40/"
},
{
"name": "ADV-2008-2892",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2892"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt"
},
{
"name": "1021093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021093"
},
{
"name": "31859",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31859"
},
{
"name": "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt"
},
{
"name": "32005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32005"
},
{
"name": "4489",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4489"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-40/"
},
{
"name": "ADV-2008-2892",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2892"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt"
},
{
"name": "1021093",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021093"
},
{
"name": "31859",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31859"
},
{
"name": "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to \"parsing CGI requests.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt"
},
{
"name": "32005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32005"
},
{
"name": "4489",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4489"
},
{
"name": "http://secunia.com/secunia_research/2008-40/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-40/"
},
{
"name": "ADV-2008-2892",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2892"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt"
},
{
"name": "1021093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021093"
},
{
"name": "31859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31859"
},
{
"name": "20081022 Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497650/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3862",
"datePublished": "2008-10-23T21:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4403 (GCVE-0-2008-4403)
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"name": "trendmicro-officescan-cgi-unspecified-bo(45599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"name": "trendmicro-officescan-cgi-unspecified-bo(45599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the \"error handling mechanism.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"name": "trendmicro-officescan-cgi-unspecified-bo(45599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4403",
"datePublished": "2008-10-03T15:00:00",
"dateReserved": "2008-10-03T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1349 (GCVE-0-2002-1349)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#157961",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/157961"
},
{
"name": "20021210 Unchecked buffer in PC-cillin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103953822705917\u0026w=2"
},
{
"name": "6350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982"
},
{
"name": "pccillin-pop3trap-bo(10814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.texonet.com/advisories/TEXONET-20021210.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#157961",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/157961"
},
{
"name": "20021210 Unchecked buffer in PC-cillin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103953822705917\u0026w=2"
},
{
"name": "6350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982"
},
{
"name": "pccillin-pop3trap-bo(10814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.texonet.com/advisories/TEXONET-20021210.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#157961",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/157961"
},
{
"name": "20021210 Unchecked buffer in PC-cillin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103953822705917\u0026w=2"
},
{
"name": "6350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6350"
},
{
"name": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982",
"refsource": "CONFIRM",
"url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982"
},
{
"name": "pccillin-pop3trap-bo(10814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10814"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20021210.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20021210.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1349",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-12-10T00:00:00",
"dateUpdated": "2024-08-08T03:19:28.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6458 (GCVE-0-2006-6458)
Vulnerability from cvelistv5
Published
2006-12-11 17:00
Modified
2024-08-07 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21509"
},
{
"name": "23321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23321"
},
{
"name": "ADV-2006-4918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4918"
},
{
"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21509"
},
{
"name": "23321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23321"
},
{
"name": "ADV-2006-4918",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4918"
},
{
"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21509"
},
{
"name": "23321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23321"
},
{
"name": "ADV-2006-4918",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4918"
},
{
"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6458",
"datePublished": "2006-12-11T17:00:00",
"dateReserved": "2006-12-11T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3866 (GCVE-0-2008-3866)
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-43/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "1021616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021616"
},
{
"name": "nsc-tmpfw-security-bypass(48108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
},
{
"name": "1021617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021617"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-43/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "1021616",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021616"
},
{
"name": "nsc-tmpfw-security-bypass(48108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
},
{
"name": "1021617",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021617"
},
{
"name": "33358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33609"
},
{
"name": "31160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2008-43/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-43/"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
"refsource": "MISC",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "1021616",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021616"
},
{
"name": "nsc-tmpfw-security-bypass(48108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108"
},
{
"name": "1021617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021617"
},
{
"name": "33358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33609"
},
{
"name": "31160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-3866",
"datePublished": "2009-01-21T20:00:00",
"dateReserved": "2008-08-29T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1381 (GCVE-0-2006-1381)
Vulnerability from cvelistv5
Published
2006-03-24 11:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:21.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "imss-isntsmtp-directory-permissions(25415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english"
},
{
"name": "ADV-2006-1041",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1041"
},
{
"name": "11576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "imss-isntsmtp-directory-permissions(25415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english"
},
{
"name": "ADV-2006-1041",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1041"
},
{
"name": "11576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imss-isntsmtp-directory-permissions(25415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25415"
},
{
"name": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english",
"refsource": "MISC",
"url": "http://www.secumind.net/content/french/modules/news/article.php?storyid=9\u0026sel_lang=english"
},
{
"name": "ADV-2006-1041",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1041"
},
{
"name": "11576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1381",
"datePublished": "2006-03-24T11:00:00",
"dateReserved": "2006-03-24T00:00:00",
"dateUpdated": "2024-08-07T17:12:21.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0203 (GCVE-0-2000-0203)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=412FC0AFD62ED31191B40008C7E9A11A0D481D%40srvnt04.previnet.it"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com"
},
{
"name": "http://www.antivirus.com/download/ofce_patch_35.htm",
"refsource": "MISC",
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=412FC0AFD62ED31191B40008C7E9A11A0D481D@srvnt04.previnet.it"
},
{
"name": "1013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0203",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "2000-03-22T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3455 (GCVE-0-2007-3455)
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24641"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "24935",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24935"
},
{
"name": "36628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36628"
},
{
"name": "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558"
},
{
"name": "ADV-2007-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25778"
},
{
"name": "1018320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018320"
},
{
"name": "officescan-cgichkmasterpwd-security-bypass(35052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24641"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "24935",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24935"
},
{
"name": "36628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36628"
},
{
"name": "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558"
},
{
"name": "ADV-2007-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25778"
},
{
"name": "1018320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018320"
},
{
"name": "officescan-cgichkmasterpwd-security-bypass(35052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to \"stored decrypted user logon information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "24935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24935"
},
{
"name": "36628",
"refsource": "OSVDB",
"url": "http://osvdb.org/36628"
},
{
"name": "20070716 Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558"
},
{
"name": "ADV-2007-2330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25778"
},
{
"name": "1018320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018320"
},
{
"name": "officescan-cgichkmasterpwd-security-bypass(35052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3455",
"datePublished": "2007-06-27T00:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1150 (GCVE-0-2001-1150)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "officescan-iuser-read-files(7014)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7014.php"
},
{
"name": "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/210087"
},
{
"name": "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/209375"
},
{
"name": "3216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "officescan-iuser-read-files(7014)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7014.php"
},
{
"name": "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/210087"
},
{
"name": "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/209375"
},
{
"name": "3216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "officescan-iuser-read-files(7014)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7014.php"
},
{
"name": "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/210087"
},
{
"name": "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/209375"
},
{
"name": "3216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1150",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0204 (GCVE-0-2000-0204)
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000226 DOS in Trendmicro OfficeScan",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000226 DOS in Trendmicro OfficeScan",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B%40209-76-212-10.trendmicro.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000226 DOS in Trendmicro OfficeScan",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html"
},
{
"name": "20000315 Trend Micro release patch for \"OfficeScan DoS \u0026 Message Replay\" V ulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com"
},
{
"name": "http://www.antivirus.com/download/ofce_patch_35.htm",
"refsource": "MISC",
"url": "http://www.antivirus.com/download/ofce_patch_35.htm"
},
{
"name": "1013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0204",
"datePublished": "2000-03-22T05:00:00",
"dateReserved": "2000-03-22T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2439 (GCVE-0-2008-2439)
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2711",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2711"
},
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt"
},
{
"name": "1020975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "trendmicro-tmlisten-directory-traversal(45597)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded"
},
{
"name": "31343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31343"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-39/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "ADV-2008-2711",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2711"
},
{
"name": "31531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt"
},
{
"name": "1020975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32097"
},
{
"name": "trendmicro-tmlisten-directory-traversal(45597)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded"
},
{
"name": "31343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31343"
},
{
"name": "ADV-2008-2712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-39/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-2439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2711",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2711"
},
{
"name": "31531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31531"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1372_Readme.txt"
},
{
"name": "1020975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020975"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5.0_EN_CriticalPatch1414.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
},
{
"name": "32097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32097"
},
{
"name": "trendmicro-tmlisten-directory-traversal(45597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45597"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "20081003 Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496970/100/0/threaded"
},
{
"name": "31343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31343"
},
{
"name": "ADV-2008-2712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2712"
},
{
"name": "http://secunia.com/secunia_research/2008-39/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-39/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-2439",
"datePublished": "2008-10-03T15:00:00",
"dateReserved": "2008-05-27T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3454 (GCVE-0-2007-3454)
Vulnerability from cvelistv5
Published
2007-06-27 00:00
Modified
2024-08-07 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:35.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24641"
},
{
"name": "36629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "officescan-cgiocommon-bo(35051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051"
},
{
"name": "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559"
},
{
"name": "1018320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018320"
},
{
"name": "ADV-2007-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24641"
},
{
"name": "36629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "officescan-cgiocommon-bo(35051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051"
},
{
"name": "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559"
},
{
"name": "1018320",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018320"
},
{
"name": "ADV-2007-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24641"
},
{
"name": "36629",
"refsource": "OSVDB",
"url": "http://osvdb.org/36629"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt"
},
{
"name": "officescan-cgiocommon-bo(35051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35051"
},
{
"name": "20070716 Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559"
},
{
"name": "1018320",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018320"
},
{
"name": "ADV-2007-2330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2330"
},
{
"name": "25778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3454",
"datePublished": "2007-06-27T00:00:00",
"dateReserved": "2007-06-26T00:00:00",
"dateUpdated": "2024-08-07T14:21:35.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5157 (GCVE-0-2006-5157)
Vulnerability from cvelistv5
Published
2006-10-03 23:00
Modified
2024-08-07 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.layereddefense.com/TREND01OCT.html"
},
{
"name": "ADV-2006-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3870"
},
{
"name": "officescan-atxconsole-format-string(29308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308"
},
{
"name": "1016963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016963"
},
{
"name": "VU#788860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/788860"
},
{
"name": "20284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20284"
},
{
"name": "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded"
},
{
"name": "1682",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1682"
},
{
"name": "22224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console\u0027s Remote Client Install name search\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.layereddefense.com/TREND01OCT.html"
},
{
"name": "ADV-2006-3870",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3870"
},
{
"name": "officescan-atxconsole-format-string(29308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308"
},
{
"name": "1016963",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016963"
},
{
"name": "VU#788860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/788860"
},
{
"name": "20284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20284"
},
{
"name": "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded"
},
{
"name": "1682",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1682"
},
{
"name": "22224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the \"Management Console\u0027s Remote Client Install name search\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.layereddefense.com/TREND01OCT.html",
"refsource": "MISC",
"url": "http://www.layereddefense.com/TREND01OCT.html"
},
{
"name": "ADV-2006-3870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3870"
},
{
"name": "officescan-atxconsole-format-string(29308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29308"
},
{
"name": "1016963",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016963"
},
{
"name": "VU#788860",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/788860"
},
{
"name": "20284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20284"
},
{
"name": "20061001 Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447498/100/0/threaded"
},
{
"name": "1682",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1682"
},
{
"name": "22224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5157",
"datePublished": "2006-10-03T23:00:00",
"dateReserved": "2006-10-03T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}