CVSS: 9.3EPSS: 61%CPEs: 1EXPL: 1CVE-2008-3364 – Trend Micro OfficeScan - ObjRemoveCtrl ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3364
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. Un desbordamiento de búfer en el control ActiveX de la clase ObjRemoveCtrl en la biblioteca OfficeScanRemoveCtrl.dll versión 7.3.0.1020 en Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment versiones 7.0, build 7.3 1343 Patch 4 y otras builds, y versión 8.0; Client Server Messaging Security (CSM) versiones 3.5 y 3.6; y Worry-Free Business Security (WFBS) versión 5.0, de Trend Micro, permite a los atacantes remotos ejecutar código arbitrario por medio de una cadena larga en la propiedad Server, y posiblemente otras propiedades. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/6152 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1037899&id=EN-1037899 http://secunia.com/advisories/31277 http://secunia.com/advisories/31440 http://securityreason.com/securityalert/4061 http://www.securityfocus.com/bid/30407 http://www.securitytracker.com/id?1020569 http://www.vupen.com/english/advisories/2008/2220/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44042 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 80%CPEs: 2EXPL: 0CVE-2007-3454
https://notcve.org/view.php?id=CVE-2007-3454
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library. Un desbordamiento de búfer en la región stack de la memoria en la biblioteca CGIOCommon.dll versiones anteriores a 8.0.0.1042 en Trend Micro OfficeScan Corporate Edition versión 8.0, permite a atacantes remotos ejecutar código arbitrario por medio de peticiones diseñadas largas, como es demostrado usando una cookie de sesión larga para programas CGI no especificados que utilizan esta biblioteca • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=559 http://osvdb.org/36629 http://secunia.com/advisories/25778 http://securitytracker.com/id?1018320 http://www.securityfocus.com/bid/24641 http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt http://www.vupen.com/english/advisories/2007/2330 https://exchange.xforce.ibmcloud.com/vulnerabilities/35051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 81%CPEs: 3EXPL: 1CVE-2007-0325 – Trend Micro OfficeScan - Client ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-0325
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. Múltiples desbordamientos de búfer en el control ActiveX Trend Micro OfficeScan Web-Deployment SetupINICtrl en OfficeScanSetupINI.dll, como ha sido usado en OfficeScan 7.0 anterior a Build 1344, OfficeScan 7.3 anetrior a Build 1241, y Client / Server / Messaging Security 3.0 anterior a Build 1197, permite a atacantes remotos ejecutar código de su elección mediante un documento HTML artesanal. • https://www.exploit-db.com/exploits/16535 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288 http://osvdb.org/33040 http://secunia.com/advisories/24193 http://www.kb.cert.org/vuls/id/784369 http://www.securityfocus.com/bid/22585 http://www.securitytracker.com/id?1017664 http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt http://www.vupen.com/english/advisories/2007/0638 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-6458
https://notcve.org/view.php?id=CVE-2006-6458
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU y cuelgue de aplicación) mediante un archivo RAR mal formado con una sección Cabecera de Archivo con lo campos head_size (tamaño de cabecera) y pack_size (tamaño de paquete) puestos a cero, lo cual dispara un bucle infinito. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 http://secunia.com/advisories/23321 http://www.securityfocus.com/bid/21509 http://www.vupen.com/english/advisories/2006/4918 •