CVSS: 5.1EPSS: 22%CPEs: 1EXPL: 0CVE-2006-5157
https://notcve.org/view.php?id=CVE-2006-5157
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". Vulnerabilidad de cadena de formato en el control ActiveX (ATXCONSOLE.OCX) en TrendMicro OfficeScan Corporate Edition (OSCE) anterior a 7.3 Patch 1 permite a atacantes remotos ejecutar código de su elección mediante identificadores de cadena de formato en el "Management Console's Remote Client Install name search". • http://secunia.com/advisories/22224 http://securityreason.com/securityalert/1682 http://securitytracker.com/id?1016963 http://www.kb.cert.org/vuls/id/788860 http://www.layereddefense.com/TREND01OCT.html http://www.securityfocus.com/archive/1/447498/100/0/threaded http://www.securityfocus.com/bid/20284 http://www.vupen.com/english/advisories/2006/3870 https://exchange.xforce.ibmcloud.com/vulnerabilities/29308 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1381
https://notcve.org/view.php?id=CVE-2006-1381
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. • http://secunia.com/advisories/11576 http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english http://www.vupen.com/english/advisories/2006/1041 https://exchange.xforce.ibmcloud.com/vulnerabilities/25415 •
CVSS: 5.1EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3379
https://notcve.org/view.php?id=CVE-2005-3379
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/archive/1/415173 http://www.securityfocus.com/bid/15189 •
CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0CVE-2005-0533
https://notcve.org/view.php?id=CVE-2005-0533
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2430
https://notcve.org/view.php?id=CVE-2004-2430
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. • http://archives.neohapsis.com/archives/bugtraq/2004-06/0117.html http://secunia.com/advisories/11806 http://uk.trendmicro-europe.com/enterprise/support/knowledge_base_detail.php?solutionId=20118 http://www.osvdb.org/6840 http://www.securityfocus.com/bid/10503 https://exchange.xforce.ibmcloud.com/vulnerabilities/16375 •