CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-6458
https://notcve.org/view.php?id=CVE-2006-6458
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU y cuelgue de aplicación) mediante un archivo RAR mal formado con una sección Cabecera de Archivo con lo campos head_size (tamaño de cabecera) y pack_size (tamaño de paquete) puestos a cero, lo cual dispara un bucle infinito. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 http://secunia.com/advisories/23321 http://www.securityfocus.com/bid/21509 http://www.vupen.com/english/advisories/2006/4918 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2006-6178
https://notcve.org/view.php?id=CVE-2006-6178
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. Desbordamiento de búfer en PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe para Trend Micro OfficeScan 7.3 anterior a build 7.3.0.1087 permite a atacantes remotos ejecutar código de su elección mediante vectores de ataque no especificados. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031702 http://solutionfile.trendmicro.com/SolutionFile/1031702/en/Hotfix_Readme_OSCE7_3_B1087.txt http://www.securityfocus.com/bid/21442 http://www.vupen.com/english/advisories/2006/4852 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2006-6179
https://notcve.org/view.php?id=CVE-2006-6179
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. Desbordamiento de búfer en PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe para el Trend Micro OfficeScan 7.3 anterior a la versión 7.3.0.1089, permite a atacantes remotos ejecutar código de su elección a través de vectores de ataque desconocidos. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753 http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt http://www.securityfocus.com/bid/21442 http://www.vupen.com/english/advisories/2006/4852 •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0CVE-2006-5212
https://notcve.org/view.php?id=CVE-2006-5212
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. Trend Micro OfficeScan 6.0 en Client/Server/Messaging (CSM) Suite para SMB 2.0 anetrior a 6.0.0.1385, y OfficeScan Corporate Edition (OSCE) 6.5 anterior a 6.5.0.1418, 7.0 anterior a 7.0.0.1257, y 7.3 anterior a 7.3.0.1053 permite a atacantes remotos borrar archivos mediante un parámetro de nombre de archivo (filename) modificado en una petición HTTP determinada que invoca al programa CGI de OfficeScan. • http://secunia.com/advisories/22156 http://www.securityfocus.com/bid/20330 http://www.trendmicro.com/download/product.asp?productid=5 http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt http://www.trendmicro.com/ftp/documentation/readme/osce_70& •
CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3379
https://notcve.org/view.php?id=CVE-2005-3379
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/archive/1/415173 http://www.securityfocus.com/bid/15189 •