CVE-2008-3866
https://notcve.org/view.php?id=CVE-2008-3866
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-43 http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021616 http://www.securitytracker.com/id?1021617 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009/0191 https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 • CWE-287: Improper Authentication •
CVE-2008-3865
https://notcve.org/view.php?id=CVE-2008-3865
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3864
https://notcve.org/view.php?id=CVE-2008-3864
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegación de sevicio (caída de aplicación) mediante un paquete con un valor grande en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009 • CWE-20: Improper Input Validation •
CVE-2007-4277
https://notcve.org/view.php?id=CVE-2007-4277
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. La ingenieria de búsqueda de Trend Micro AntiVirus anterior a 8.550-1001, utilizada en Trend Micro PC-Cillin Internet Security 2007, y Tmxpflt.sys 8.320.1004 y 8.500.0.1002, tiene permisos débiles (TODOS:Escritura) para el dispositivo \\.\Tmfilter, lo cual permite a usuarios locales enviar contenido de su elección al dispositivo a través de la funcionalidad IOCTL. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793 http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=609 http://secunia.com/advisories/27378 http://securitytracker.com/id?1018863 http://www.securityfocus.com/bid/26209 http://www.vupen.com/english/advisories/2007/3627 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3873
https://notcve.org/view.php?id=CVE-2007-3873
Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. Desbordamiento de búfer basado en pila en vstlib32.dll 1.2.0.1012 en SSAPI Engine 5.0.0.1066 hasta 5.2.0.1012 en Trend Micro AntiSpyware 3.5 y PC-Cillin Internet Security 2007 15.0 hasta 15.3, cuando la característica Venus Spy Trap (VST) está habilitada, permite a usuarios locales provocar una denegación de servicio (caída del servicio) o ejecutar código de su elección mediante un fichero con un nombre de ruta largo, lo cual provoca el desbordamiento durante una notificación ReadDirectoryChangesW recurrente. • http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=586 http://secunia.com/advisories/26557 http://securitytracker.com/id?1018592 http://www.securityfocus.com/bid/25388 http://www.vupen.com/english/advisories/2007/2935 https://exchange.xforce.ibmcloud.com/vulnerabilities/36144 •