Page 2 of 9 results (0.009 seconds)

CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0

Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/archive/1/415173 http://www.securityfocus.com/bid/15189 •

CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html http://secunia.com/advisories/11806 http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118 http://www.osvdb.org/6840 http://www.securityfocus.com/bid/10503 https://exchange.xforce.ibmcloud.com/vulnerabilities/16375 •

CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 1

Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. • http://marc.info/?l=bugtraq&m=108395366909344&w=2 http://secunia.com/advisories/11576 http://www.osvdb.org/5990 http://www.securityfocus.com/bid/10300 https://exchange.xforce.ibmcloud.com/vulnerabilities/16092 •