CVE-2008-3864 (GCVE-0-2008-3864)
Vulnerability from cvelistv5
Published
2009-01-21 20:00
Modified
2024-08-07 09:53
Severity ?
CWE
  • n/a
Summary
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
References
PSIRT-CNA@flexerasoftware.com http://secunia.com/advisories/31160 Vendor Advisory
PSIRT-CNA@flexerasoftware.com http://secunia.com/advisories/33609 Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.com http://secunia.com/secunia_research/2008-42/
PSIRT-CNA@flexerasoftware.com http://securityreason.com/securityalert/4937
PSIRT-CNA@flexerasoftware.com http://www.securityfocus.com/archive/1/500195/100/0/threaded
PSIRT-CNA@flexerasoftware.com http://www.securityfocus.com/bid/33358 Patch
PSIRT-CNA@flexerasoftware.com http://www.securitytracker.com/id?1021614
PSIRT-CNA@flexerasoftware.com http://www.securitytracker.com/id?1021615
PSIRT-CNA@flexerasoftware.com http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt Vendor Advisory
PSIRT-CNA@flexerasoftware.com http://www.vupen.com/english/advisories/2009/0191
PSIRT-CNA@flexerasoftware.com https://exchange.xforce.ibmcloud.com/vulnerabilities/48106
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31160 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/33609 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/secunia_research/2008-42/
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/4937
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/500195/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/33358 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1021614
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1021615
af854a3a-2127-422b-91ae-364da2661108 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/0191
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/48106
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:53:00.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1021615",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021615"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2008-42/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
          },
          {
            "name": "tmpfw-apithread-dos(48106)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
          },
          {
            "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
          },
          {
            "name": "33358",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33358"
          },
          {
            "name": "ADV-2009-0191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0191"
          },
          {
            "name": "33609",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33609"
          },
          {
            "name": "4937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4937"
          },
          {
            "name": "31160",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31160"
          },
          {
            "name": "1021614",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021614"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "1021615",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021615"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2008-42/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
        },
        {
          "name": "tmpfw-apithread-dos(48106)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
        },
        {
          "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
        },
        {
          "name": "33358",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33358"
        },
        {
          "name": "ADV-2009-0191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0191"
        },
        {
          "name": "33609",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33609"
        },
        {
          "name": "4937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4937"
        },
        {
          "name": "31160",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31160"
        },
        {
          "name": "1021614",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021614"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2008-3864",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1021615",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021615"
            },
            {
              "name": "http://secunia.com/secunia_research/2008-42/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2008-42/"
            },
            {
              "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
              "refsource": "CONFIRM",
              "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
            },
            {
              "name": "tmpfw-apithread-dos(48106)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48106"
            },
            {
              "name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
            },
            {
              "name": "33358",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33358"
            },
            {
              "name": "ADV-2009-0191",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0191"
            },
            {
              "name": "33609",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33609"
            },
            {
              "name": "4937",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4937"
            },
            {
              "name": "31160",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31160"
            },
            {
              "name": "1021614",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021614"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2008-3864",
    "datePublished": "2009-01-21T20:00:00",
    "dateReserved": "2008-08-29T00:00:00",
    "dateUpdated": "2024-08-07T09:53:00.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3864\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2009-01-21T20:30:00.187\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ApiThread en el servicio de cortafuegos (tambi\u00e9n conocido como TmPfw.exe) en los m\u00f3dulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegaci\u00f3n de sevicio (ca\u00edda de aplicaci\u00f3n) mediante un paquete con un valor grande en un campo de tama\u00f1o no especificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C374395B-80B1-4FBA-88F6-1C155900E4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trend_micro:internet_security_2008:17.0.1224:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F794E937-C7EC-423B-AF79-F7C214114BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trend_micro:officescan:8.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A220318-78FB-4D3B-968D-7B0BF3BB1969\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/31160\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33609\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2008-42/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://securityreason.com/securityalert/4937\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/500195/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/33358\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1021614\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securitytracker.com/id?1021615\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0191\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48106\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/31160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2008-42/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/500195/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1021614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.