Page 6 of 129 results (0.005 seconds)

CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. Desbordamiento de búfer basado en pila en la función CGenericScheduler::AddTask en cmdHandlerRedAlertController.dll en CmdProcessor.exe en Trend Micro Control Manager v5.5 anterior al Build 1613 permite a atacantes remotos ejecutar código de su elección mediante un paquete IPC manipulado al puerto 20101 TCP • https://www.exploit-db.com/exploits/18514 http://secunia.com/advisories/47114 http://www.securityfocus.com/archive/1/520780/100/0/threaded http://www.securitytracker.com/id?1026390 http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt http://www.zerodayinitiative.com/advisories/ZDI-11-345 https://exchange.xforce.ibmcloud.com/vulnerabilities/71681 - • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-43 http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021616 http://www.securitytracker.com/id?1021617 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009/0191 https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 55%CPEs: 3EXPL: 0

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 10%CPEs: 3EXPL: 0

The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegación de sevicio (caída de aplicación) mediante un paquete con un valor grande en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009&# • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 29%CPEs: 2EXPL: 0

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. Vulnerabilidad de uso después de la liberación en el control ActiveX de HouseCall de Trend Micro v6.51.0.1028 y v6.6.0.1278 en Housecall_ActiveX.dll, permite a atacantes remotos ejecutar código arbitrario a través de una función de retorno notifyOnLoadNative manipulada. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646 http://secunia.com/advisories/31583 http://secunia.com/secunia_research/2008-34 http://securitytracker.com/id?1021481 http://www.kb.cert.org/vuls/id/702628 http://www.osvdb.org/50843 http://www.securityfocus.com/archive/1/499478/100/0/threaded http://www.securityfocus.com/bid/32950 http://www.vupen.com/english/advisories/2008/3464 https://exchange.xforce.ibmcloud.com/vulnerabilities/47523 • CWE-399: Resource Management Errors •