CVE-2008-2434
https://notcve.org/view.php?id=CVE-2008-2434
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
References:
• http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
• http://osvdb.org/50941
• http://secunia.com/advisories/31337
• http://secunia.com/secunia_research/2008-32
• http://securityreason.com/securityalert/4802
• http://www.kb.cert.org/vuls/id/541025
• http://www.securityfocus.com/archive/1/499495/100/0/threaded
• http://www.securityfocus.com/bid/32965
• http://www.vupen.com/english/advisories/2008/3464
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47524
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-5545
https://notcve.org/view.php?id=CVE-2008-5545
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
References:
• http://securityreason.com/securityalert/4723
• http://www.securityfocus.com/archive/1/498995/100/0/threaded
• http://www.securityfocus.com/archive/1/499043/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
CWE-20: Improper Input Validation
CVE-2007-0073
https://notcve.org/view.php?id=CVE-2007-0073
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
References:
• http://blogs.iss.net/archive/trend.html
• http://secunia.com/advisories/32618
• http://www.iss.net/threats/309.html
• http://www.kb.cert.org/vuls/id/768681
• http://www.securityfocus.com/bid/32261
• http://www.vupen.com/english/advisories/2008/3127
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39050
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0072
https://notcve.org/view.php?id=CVE-2007-0072
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
References:
• http://blogs.iss.net/archive/trend.html
• http://secunia.com/advisories/32618
• http://www.iss.net/threats/309.html
• http://www.kb.cert.org/vuls/id/768681
• http://www.securityfocus.com/bid/32261
• http://www.vupen.com/english/advisories/2008/3127
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5268
https://notcve.org/view.php?id=CVE-2006-5268
Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."
References:
• http://blogs.iss.net/archive/trend.html
• http://secunia.com/advisories/32618
• http://www.iss.net/threats/307.html
• http://www.kb.cert.org/vuls/id/768681
• http://www.securityfocus.com/bid/32261
• http://www.vupen.com/english/advisories/2008/3127
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31112
CWE-287: Improper Authentication