CVSS: 9.3EPSS: 61%CPEs: 1EXPL: 1CVE-2008-3364 – Trend Micro OfficeScan - ObjRemoveCtrl ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3364
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en el control ActiveX de la clase ObjRemoveCtrl en la biblioteca OfficeScanRemoveCtrl.dll versión 7.3.0.1020 en Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versiones 7.0, build 7.3 1343 Patch 4 y otras builds, y versión 8.0; Client Server Messaging Security (CSM) versiones 3.5 y 3.6; y Worry-Free Business Security (WFBS) versión 5.0, de Trend Micro, permite a los atacantes remotos ejecutar código arbitrario por medio de una cadena larga en la propiedad Server, y posiblemente otras propiedades. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/6152 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899 http://secunia.com/advisories/31277 http://secunia.com/advisories/31440 http://securityreason.com/securityalert/4061 http://www.securityfocus.com/bid/30407 http://www.securitytracker.com/id?1020569 http://www.vupen.com/english/advisories/2008/2220/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 23%CPEs: 2EXPL: 3CVE-2008-1365 – Trend Micro OfficeScan - Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-1365
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors. Desbordamiento de búfer basado en pila en Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 y anteriores y 7.3 Patch 3 build 1314 y anteriores, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída) a través de una contraseña larga cifrada, la cual dispara el desbordamiento en (1) cgiChkMasterPwd.exe, (2) policyserver.exe alcanzable mediante cgiABLogon.exe y otros vectores. • https://www.exploit-db.com/exploits/31310 https://www.exploit-db.com/exploits/16768 http://aluigi.altervista.org/adv/officescaz-adv.txt http://secunia.com/advisories/29124 http://www.securityfocus.com/bid/28020 http://www.securitytracker.com/id?1019523 http://www.vupen.com/english/advisories/2008/0702 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-1366
https://notcve.org/view.php?id=CVE-2008-1366
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference. Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 y anteriores y 7.3 Patch 3 build 1314 y anteriores, permiten a atacantes remotos provocar una denegación de servicio (consumo de procesos) mediante (1) una petición HTTP sin una cabecera Content-Length o (2) caracteres inválidos en argumentos CGI no especificados, que disparan una referencia a un puntero nulo. • http://aluigi.altervista.org/adv/officescaz-adv.txt http://secunia.com/advisories/29124 http://www.securityfocus.com/bid/28020 http://www.securitytracker.com/id?1019522 http://www.vupen.com/english/advisories/2008/0702 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 0CVE-2007-6507 – Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2007-6507
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. El demonio SpntSvc.exe en Trend Micro ServerProtect 5.58 para Windows, anterior al Security Patch 4, expone sub-funciones peligrosas no especificadas de StRpcSrv.dll en la interfaz DCE/RPC, lo cual permite a atacantes remotos obtener "acceso completo al sistema de ficheros" y ejecutar código de su elección. These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll: /* opcode: 0x00, address: 0x65741030 */ error_status_t sub_65741030 ( [in] handle_t arg_1, [in] long arg_2, [in][size_is(arg_4)] byte arg_3[], [in] long arg_4, [out][size_is(arg_6)] byte arg_5[], [in] long arg_6 ); Various sub-functions from StRpcSrv.dll are exposed in this interface and allow for full file system access that can be trivially leveraged to executed arbitrary code. • http://osvdb.org/44318 http://secunia.com/advisories/26523 http://securityreason.com/securityalert/3475 http://www.securityfocus.com/archive/1/485250/100/0/threaded http://www.securityfocus.com/bid/26912 http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt http://www.zerodayinitiative.com/advisories/ZDI-07-077.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-6386
https://notcve.org/view.php?id=CVE-2007-6386
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. Desbordamiento de buffer relacionado con la pila en PccScan.dll, en versiones anteriores a la build 1451 de Trend Micro AntiVirus, además de AntiSpyware 2008, Internet Security 2008, e Internet Security Pro 2008. Permite que atacantes remotos con intervención del usuario provoquen una denegación de serivio (por caída de SfCtlCom.exe), y que usuarios locales ganen privilegios, usando un archivo .zip mal formado, con un nombre largo, tal y como se demuestra con un fichero .zip creado a partir de especificadores de cadenas de formato, en un fichero .uue manipulado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464 http://osvdb.org/39769 http://osvdb.org/39770 http://secunia.com/advisories/28038 http://secway.org/advisory/AD20071211.txt http://www.securitytracker.com/id?1019079 http://www.vupen.com/english/advisories/2007/4191 https://exchange.xforce.ibmcloud.com/vulnerabilities/38982 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •