CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45335
https://notcve.org/view.php?id=CVE-2024-45335
Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. • https://helpcenter.trendmicro.com/en-us/article/tmka-07255 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45334
https://notcve.org/view.php?id=CVE-2024-45334
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. • https://helpcenter.trendmicro.com/en-us/article/TMKA-14461 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5545
https://notcve.org/view.php?id=CVE-2008-5545
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Trend Micro VSAPI v8.700.0.1004 en Trend Micro AntiVirus, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-6386
https://notcve.org/view.php?id=CVE-2007-6386
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. Desbordamiento de buffer relacionado con la pila en PccScan.dll, en versiones anteriores a la build 1451 de Trend Micro AntiVirus, además de AntiSpyware 2008, Internet Security 2008, e Internet Security Pro 2008. Permite que atacantes remotos con intervención del usuario provoquen una denegación de serivio (por caída de SfCtlCom.exe), y que usuarios locales ganen privilegios, usando un archivo .zip mal formado, con un nombre largo, tal y como se demuestra con un fichero .zip creado a partir de especificadores de cadenas de formato, en un fichero .uue manipulado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464 http://osvdb.org/39769 http://osvdb.org/39770 http://secunia.com/advisories/28038 http://secway.org/advisory/AD20071211.txt http://www.securitytracker.com/id?1019079 http://www.vupen.com/english/advisories/2007/4191 https://exchange.xforce.ibmcloud.com/vulnerabilities/38982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1591
https://notcve.org/view.php?id=CVE-2007-1591
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. VsapiNT.sys en el Scan Engine 8.0 para Trend Micro AntiVirus 14.10.1041, y otros productos, permite a atacantes remotos provocar una denegación de servicio (fallo del núcleo y caída del sistema) mediante un fichero UPX manipulado con un campo concreto que dispara un error de división-por-cero. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034587 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=488 http://www.securityfocus.com/archive/1/463007/100/100/threaded http://www.securitytracker.com/id?1017768 http://www.vupen.com/english/advisories/2007/0959 •